IBM Db2 Authorization Bypass Vulnerability Allowing Unauthorized Command Execution

Vulnerability

An authorization bypass vulnerability has been identified in IBM Db2 for Linux, UNIX, and Windows (including Db2 Connect Server) versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3. Under certain configurations of cataloged remote storage aliases, an authenticated user could exploit the authorization bypass with a user-controlled key to execute unauthorized commands. This issue is specific to the Linux operating system; the UNIX and Windows versions are not affected.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution on the affected Db2 server.

Remediation

Users can upgrade to the special build containing the interim fix for this vulnerability. This special build is available for Db2 versions 11.5.9 and 12.1.2. Instructions for downloading these special builds are available on the IBM Support website.

Added: Jan 30, 2026, 10:31 PM
Updated: Jan 30, 2026, 10:31 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 5.0
exploitability: 4.9
remediation: 8.3
relevance: 2.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.