Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2595 articles · 173333 vulns · 37/41 feeds (7d)
← Back to list
9.8
CVE-2026-10109PATCHED
ibm · db2

IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling

Description

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling.

Affected Products

VendorProductVersions
ibmdb211.5.0, 12.1.0

References

  • https://www.ibm.com/support/pages/node/7277424(vendor-advisory, patch)

Related News (2 articles)

Tier C
VulDB8d ago
CVE-2026-10109 | IBM DB2 up to 11.5.9/12.1.4 code injection
→ No new info (linked only)
Tier D
Heise Security14d ago
Sicherheitsupdate: Kritische Client-Handshake-Lücke bedroht IBM Db2
→ No new info (linked only)
CVSS 3.19.8 CRITICAL
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA KEV❌ No
Actively exploited❌ No
Patch available
https://www.ibm.com/support/pages/node/7277424
CWECWE-94
PublishedJun 30, 2026
Last enriched8d agov2
Trending Score21
Source articles2
Independent2
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-9074
IBM API Connect SQL Injection
Trending: 42
HIGHPRE-CVE
Multiple Vulnerabilities in IBM Operational Decision Manager Allow Code Execution, Privilege Escalation, DoS, Information Disclosure, File Manipulation, and Security Bypass
Trending: 27
HIGHCVE-2026-3144
IBM API Connect Default Credentials
Trending: 25
CRITICALCVE-2026-7663
Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass
Trending: 16
CRITICALCVE-2026-7803
Flow Validation Bypass via Empty Component Type Field
Trending: 16

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jun 30, 2026
Discovered by ZDM
Jun 30, 2026
Updated: description
Jul 1, 2026
Patch Available
Jul 1, 2026

Version History

v2
Last enriched 8d ago
v2Tier C8d ago

Updated description with new details about the vulnerability and corrected exploit availability to false.

description
via VulDB
v18d ago

Initial creation