IBM Db2 Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in IBM Db2 versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 for Linux, UNIX, and Windows, including Db2 Connect Server. The issue arises from improper handling of special elements in data query logic, which can be exploited by an authenticated user under certain configurations. Specifically, the vulnerability is present when DB2_WORKLOAD is set to ANALYTICS or intra_parallel is enabled, along with DB2_EXTENDED_OPTIMIZATION set to NLJN_OFLOW ON.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing disruptions in database availability or performance.

Remediation

Users can upgrade to the special build containing the interim fix for this issue. This build is available for Db2 V11.5.9 and V12.1.4. Instructions for downloading this build can be found on the IBM Support website.
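As an added example (not IBM's code and not part of the original advisory), the following Python script audits a Db2 instance against the two conditions the advisory names: an affected version range, and the registry/configuration combination under which the issue is reachable. The version ranges, the registry variables DB2_WORKLOAD and DB2_EXTENDED_OPTIMIZATION, the value NLJN_OFLOW ON and the intra_parallel parameter all come from the advisory text; the line formats of `db2set -all`, `db2 get dbm cfg` and `db2level`, and the spelling of the option as the two tokens "NLJN_OFLOW ON", are assumptions to verify against your own output. The sample outputs are constructed.

```python
"""Configuration and version audit for the Db2 advisory above.

Added example; this is not IBM code. The version ranges, registry variable
names and configuration parameter come from the advisory text. The line
formats of `db2set -all`, `db2 get dbm cfg` and `db2level` are assumed to
match the constructed samples below (assumption: check against your output).
"""
import re

# Inclusive affected version ranges stated in the advisory.
AFFECTED_RANGES = [((11, 5, 0), (11, 5, 9)), ((12, 1, 0), (12, 1, 3))]

# Constructed sample output; host name and build tokens are made up.
SAMPLE_DB2LEVEL = (
    'Informational tokens are "DB2 v11.5.9.0", "s0000000000", '
    '"DYN0000000000AMD64", and Fix Pack "0".'
)
SAMPLE_DB2SET = """\
[i] DB2_WORKLOAD=ANALYTICS
[i] DB2_EXTENDED_OPTIMIZATION=NLJN_OFLOW ON
[g] DB2SYSTEM=dbhost01
"""
SAMPLE_DBM_CFG = """\
 Database manager configuration release level            = 0x1500
 Enable intra-partition parallelism               (INTRA_PARALLEL) = NO
"""


def parse_version(db2level_output):
    """Return (major, minor, mod) from the 'DB2 vX.Y.Z' token of db2level."""
    m = re.search(r'DB2 v(\d+)\.(\d+)\.(\d+)', db2level_output)
    if not m:
        raise ValueError("no 'DB2 vX.Y.Z' token in db2level output")
    return tuple(int(x) for x in m.groups())


def version_affected(version):
    """True when the version falls inside one of the advisory's ranges."""
    v = tuple(version[:3])
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def parse_db2set(output):
    """Parse `db2set -all` lines such as '[i] DB2_WORKLOAD=ANALYTICS'."""
    settings = {}
    for line in output.splitlines():
        m = re.match(r'\s*(?:\[[egi]\]\s*)?([A-Za-z0-9_]+)=(.*)$', line)
        if m:
            settings[m.group(1).upper()] = m.group(2).strip()
    return settings


def parse_dbm_cfg(output):
    """Parse `db2 get dbm cfg` lines of the form '... (PARAM) = value'."""
    cfg = {}
    for line in output.splitlines():
        m = re.search(r'\(([A-Za-z0-9_]+)\)\s*=\s*(\S*)', line)
        if m:
            cfg[m.group(1).upper()] = m.group(2).strip()
    return cfg


def config_exposed(registry, dbm_cfg):
    """True when the advisory's preconditions are all present:
    (DB2_WORKLOAD=ANALYTICS or INTRA_PARALLEL=YES) and
    DB2_EXTENDED_OPTIMIZATION carrying 'NLJN_OFLOW ON'.
    Assumption: the option is written as the two tokens NLJN_OFLOW and ON."""
    analytics = registry.get('DB2_WORKLOAD', '').upper() == 'ANALYTICS'
    intra = dbm_cfg.get('INTRA_PARALLEL', '').upper() == 'YES'
    ext_opt = registry.get('DB2_EXTENDED_OPTIMIZATION', '').upper()
    nljn_oflow = re.search(r'\bNLJN_OFLOW\s+ON\b', ext_opt) is not None
    return (analytics or intra) and nljn_oflow


def assess(db2level_output, db2set_output, dbm_cfg_output):
    """Combine the three checks into one finding dictionary."""
    version = parse_version(db2level_output)
    affected = version_affected(version)
    exposed = config_exposed(parse_db2set(db2set_output),
                             parse_dbm_cfg(dbm_cfg_output))
    return {
        'version': version,
        'version_affected': affected,
        'config_exposed': exposed,
        'action_needed': affected and exposed,
    }


if __name__ == '__main__':
    finding = assess(SAMPLE_DB2LEVEL, SAMPLE_DB2SET, SAMPLE_DBM_CFG)
    for key, value in finding.items():
        print(f'{key}: {value}')
    if finding['action_needed']:
        print('Instance matches the advisory; apply the interim-fix build.')
```

On a real instance, feed the script the captured output of `db2level`, `db2set -all` and `db2 get dbm cfg` in place of the samples. Note that the special build with the interim fix still reports V11.5.9 or V12.1.4 as its version, so a version match alone cannot tell a patched instance from an unpatched one; compare the build token reported by `db2level` against the one listed on the IBM Support page for the fix. Clearing the vulnerable combination (for example not running NLJN_OFLOW ON alongside ANALYTICS or intra-partition parallelism) only narrows exposure; the advisory's remediation is the fixed build.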

Added: Apr 30, 2026, 10:32 PM
Updated: Apr 30, 2026, 10:32 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 2.5
exploitability: 4.9
remediation: 8.3
relevance: 7.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.