CVE-2026-10109 – IBM Db2
CVSS 9.8
CRITICAL
Critical or Zero Day – Immediate Deployment
“A single pre-auth weakness can put an entire database environment at risk.”
IBM patched a critical vulnerability in Db2 that could allow an unauthenticated remote attacker to execute arbitrary code because of improper handling of the pre-authentication DRDA handshake. The issue affects IBM Db2 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4. CVE-2026-10109 has a CVSS score of 9.8, which is Critical severity.
The vulnerability can be exploited before authentication, increasing the potential impact on exposed Db2 deployments. Verified exploitation has not been reported. Organizations should apply the available IBM updates to eliminate the remote code execution risk.
Key Details
- Affected Product
- Ibm Db2
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-94
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.