IBM
Known Exploited IBM Vulnerabilities
The following IBM vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | CVE | Exploit Probability | Added |
|---|---|---|---|---|
| IBM Aspera Faspex Code Execution Vulnerability | IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw. | CVE-2022-47986 | 100.0% | February 21, 2023 |
| IBM InfoSphere BigInsights Invalid Input Vulnerability | Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data. | CVE-2013-3993 | 5.2% | May 25, 2022 |
| IBM WebSphere Application Server and Server Hypervisor Edition Code Injection | Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands. | CVE-2015-7450 | 97.7% | January 10, 2022 |
| IBM Data Risk Manager Arbitrary File Download | IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to download arbitrary files from the system. IBM X-Force ID: 180535. | CVE-2020-4430 | 68.5% | November 3, 2021 |
| IBM Data Risk Manager Authentication Bypass | IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532. | CVE-2020-4427 | 70.0% | November 3, 2021 |
| IBM Data Risk Manager Command Injection | IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533. | CVE-2020-4428 | 61.7% | November 3, 2021 |
| IBM Planning Analytics Configuration Overwrite Vulnerability | IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to log in as "admin" and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094. | CVE-2019-4716 | 86.4% | November 3, 2021 |
Of the known exploited vulnerabilities above, 6 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.
By the Year
In 2026 there have been 292 vulnerabilities in IBM products with an average score of 6.2 out of ten. Last year, in 2025, IBM had 563 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in IBM products in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.08.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 292 | 6.17 |
| 2025 | 563 | 6.26 |
| 2024 | 503 | 6.44 |
| 2023 | 357 | 6.80 |
| 2022 | 327 | 6.36 |
| 2021 | 443 | 6.10 |
| 2020 | 353 | 6.19 |
| 2019 | 454 | 6.14 |
| 2018 | 451 | 6.24 |
It may take a day or so for new IBM vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent IBM Security Vulnerabilities
| CVE | Date | Vulnerability | Description |
|---|---|---|---|
| CVE-2026-10852 | Jun 22, 2026 | Denial of Service via WebSphere WebServer Plug-in in IBM WAS 7.3-7.6 | IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted requests to the web server. |
| CVE-2026-7253 | Jun 22, 2026 | IBM Sterling File Gateway SSRF in Watson Speech Cartridge | IBM Watson Speech Services Cartridge is vulnerable to Server-Side Request Forgery (SSRF) in Sterling File Gateway, due to a flaw which may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks [GHSA-rr7j-v2q5-chgv] [CVE-2026-7253]. IBM Sterling File Gateway is used in our speech runtimes. This vulnerability has been addressed. Please read the details for remediation below. |
| CVE-2026-9320 | Jun 22, 2026 | IBM WebSphere App Server DoS: crafted request (pre 9.0/8.5, Liberty 17-26) | IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. |
| CVE-2026-9071 | Jun 22, 2026 | WAS DoS via crafted request (8.5-9.0 & Liberty 17.0-26.0) | IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. |
| CVE-2026-9006 | Jun 22, 2026 | IBM WAS 9.0/8.5 SSRF via Ajax Proxy | IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure. |
| CVE-2026-8646 | Jun 22, 2026 | IBM WebSphere App Server 9.0/8.5/Liberty 17-26 HTTP Request Smuggling | IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server, thereby allowing the attacker to bypass security controls, spoof identity, escalate privilege, and expose sensitive information. |
| CVE-2026-10845 | Jun 22, 2026 | IBM WAS 8.5/9.0 JAX-WS Auth Bypass Remote Exploit | IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications. |
| CVE-2024-51454 | Jun 22, 2026 | HTTP Header Injection in IBM Engineering Workflow Mgr 7.0.2-7.1 via Host | IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. |
| CVE-2023-33854 | Jun 22, 2026 | IBM Db2 on Cloud Pak for Data <=5.3: Authenticated MITM bypass of client-side validation | IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to bypass client-side validation and manipulate input data using man-in-the-middle techniques. |
| CVE-2026-9610 | Jun 22, 2026 | IBM Datacap 9.1.7-9.1.9 Access Control Bypass via Direct URL | IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 expose resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, bypassing intended access controls. |
| CVE-2026-9072 | Jun 22, 2026 | Remote Code Exec in IBM WebSphere WebServer Plugin (IBM i 7.3-7.6) | IBM WebSphere Application Server and IBM WebSphere Application Server Liberty - when using Intelligent Management with the WebSphere WebServer Plug-in component - are vulnerable to remote code execution and denial of service. This vulnerability can be exploited when an attacker impersonates backend servers and sends crafted responses to the plug-in. |
| CVE-2026-8858 | Jun 22, 2026 | IBM WebSphere Web Server Plug-in RCE (7.3-7.6) | IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to remote code execution and denial of service in the WebSphere Web Server Plug-in component. This vulnerability can be exploited when an attacker impersonates the application server and sends crafted responses to the plug-in. |
| CVE-2026-8636 | Jun 22, 2026 | IBM Datacap & Navigator 9.1.7-9.1.9: Credential Leak | IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allow an attacker to retrieve user passwords and cryptographic keys from memory. An attacker can use the same keys to decrypt passwords, gain access to the application and access sensitive data in the database. |
| CVE-2026-8059 | Jun 22, 2026 | IBM Datacap 9.1.7-9.1.9 XSS in Web UI | IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 are vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. |
| CVE-2026-7664 | Jun 22, 2026 | IBM Langflow OSS <1.8.4: Unauth MCP Access via Streamable Transport | IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Streamable MCP transport endpoint. |
| CVE-2026-11372 | Jun 22, 2026 | IBM TRIRIGA App Platform 5.0.2-5.0.3 XSS via Authenticated Web UI | IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. |
| CVE-2026-12628 | Jun 22, 2026 | IBM Storage Protect Client 8.x Authentication Bypass via Hardcoded FCM Credential | IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker to bypass authentication due to the use of a hardcoded credential in the FlashCopy Manager (FCM) authentication mechanism. The application contains a static credential embedded in multiple authentication code paths, and does not properly validate authentication responses, which may allow an unauthenticated attacker to establish a trusted session and access protected services. This vulnerability affects client components across multiple versions and may allow an attacker to impersonate legitimate clients, potentially leading to unauthorized access to system resources. |
| CVE-2026-10561 | Jun 22, 2026 | IBM Langflow 1.0-1.9.3 Auth Bypass & Improper Python Exec Isolation | IBM Langflow OSS 1.0.0 through 1.9.3 has a vulnerability due to improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise. |
| CVE-2025-33128 | Jun 22, 2026 | XSS in IBM Engineering Workflow Mgmt v7.0.3-7.1 (pre Fix 020/007) | IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. |
| CVE-2025-2669 | Jun 22, 2026 | IBM Db2 on Cloud Pak for Data 4.8-5.3 Privileged Token Validation Flaw | IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation. |
| CVE-2024-54178 | Jun 22, 2026 | IBM Db2 on Cloud Pak for Data <5.3 - Authenticated DoS on DB creation | IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, and 5.3 could allow an authenticated user to cause a denial of service when creating new databases due to improper allocation of resources. |
| CVE-2026-4870 | Jun 12, 2026 | IBM Qiskit SDK 0.43.0-2.5.0: Parser Recursion Causing Segfault DoS | IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser. |
| CVE-2024-45636 | Jun 11, 2026 | IBM QRadar EDR 3.12-3.12.24 Stores Credentials in Plain Text | IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text, which can be read by a local privileged user. |
| CVE-2026-3341 | Jun 11, 2026 | SSRF in IBM Langflow Desktop 1.0.0-1.9.2 | IBM Langflow Desktop 1.0.0 through 1.9.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. |
| CVE-2026-4096 | Jun 11, 2026 | IBM DevOps Plan 3.0.0-3.0.6 HTTP Header Injection (HOST) | IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. |
| CVE-2026-7787 | Jun 11, 2026 | Auth Bypass via IDOR in IBM Langflow OSS 1.0.0-1.9.1 | IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. |
| CVE-2026-7870 | Jun 11, 2026 | IBM i 7.3-7.6 Privilege Escalation via Unqualified Library Call | IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. |
| CVE-2026-9330 | Jun 01, 2026 | IBM WAS 9.0/8.5 SAML WebSSO RCE via Deserialization Gadget | IBM WebSphere Application Server 9.0 and 8.5 is affected by improper validation of user-supplied data during deserialization in the SAML Web Single Sign-On component. This could result in remote code execution via a crafted HTTP request when combined with a suitable gadget chain. |
| CVE-2026-9319 | Jun 01, 2026 | IBM WAS 8.5-9.0 RCE via Deserialization in JAX-WS WS-Security | IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to potential remote code execution due to deserialization of untrusted data via JAX-WS endpoints with WS-Security. |
| CVE-2026-9311 | Jun 01, 2026 | IBM WebSphere App Server 8.5-9.0 RCE via Security Control Bypass | IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to remote code execution caused by the bypass of security controls. |
| CVE-2026-8644 | Jun 01, 2026 | IBM WebSphere App Server 8.5/9.0 Identity Spoofing Vulnerability | IBM WebSphere Application Server 9.0 and 8.5 is vulnerable to identity spoofing. |
| CVE-2026-7770 | Jun 01, 2026 | IBM i Access Client Solutions (ACS) RCE via Navigator 1.1.5.0-1.1.9.12 | IBM i Access Family 1.1.5.0 through 1.1.9.12 (IBM i Access Client Solutions, ACS) is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator. |
| CVE-2026-1248 | May 27, 2026 | IBM BAW Containers Leak DB Structure in Error Messages | IBM Business Automation Workflow containers and traditional may leak information about their database structure in error messages. |
| CVE-2026-7876 | May 27, 2026 | IBM Aspera HSTS Vulnerability in CP4I 1.5.1-1.5.19 | IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server's local storage that they should not have access to, when specific restriction settings are not in place. |
| CVE-2026-7365 | May 27, 2026 | IBM Ops Analytics Log Analysis Default Password Auth Bypass | IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis use default passwords from the manufacturing process during the installation process, which could allow an attacker to bypass authentication. |
| CVE-2024-56462 | May 27, 2026 | IBM QRadar 7.5.0 Backup Upload RCE via Malicious Archive | IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system. |
| CVE-2024-40684 | May 27, 2026 | IBM SmartCloud Analytics Log Analysis Weak Passwords 1.3.5-1.3.8 | IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, and 1.3.8.4 (IBM SmartCloud Analytics - Log Analysis) do not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts. |
| CVE-2024-28765 | May 27, 2026 | Remote Info Disclosure in IBM SDI 7.2.0.0-7.2.0.14 & 10.0.0.0-10.0.0.2 | IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. |
| CVE-2026-9035 | May 27, 2026 | IBM Aspera asperahttpd Arbitrary File Read 3.7.4-4.4.7 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be able to take advantage of this vulnerability to access files in the server's local storage that they should not have access to. |
| CVE-2026-8405 | May 27, 2026 | IBM Guardium Data Protection 12.2.1-12.2.2 LTR Exposes Credentials in Debug Mode | The add-on feature of IBM Guardium Data Protection 12.2.1 and 12.2.2 named "Long Term Retention" (LTR) can expose sensitive credentials in debug mode. |
| CVE-2026-8180 | May 27, 2026 | IBM Aspera High-Speed Transfer Endpoint 3.7.4-4.4.7 FP1 DoS via asperahttpd | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 are affected by a potential denial of service in the asperahttpd component. An unauthenticated user can cause the asperahttpd service to crash. |
| CVE-2026-8179 | May 27, 2026 | IBM Aspera Buffer Overflow in asperahttpd 3.7.4-4.4.7 | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 are affected by a buffer overflow in the asperahttpd component. This vulnerability could allow an authenticated user to execute arbitrary code on the system. |
| CVE-2026-8175 | May 27, 2026 | IBM Aspera HTTPD Buffer Overflow (3.7.4-4.4.7 FP1) DoS & RCE | IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 are affected by a buffer overflow in the asperahttpd component. This vulnerability could be exploited to cause a denial of service and potentially lead to authentication bypass or remote code execution. |
| CVE-2026-7528 | May 27, 2026 | IBM Langflow OSS 1.0.0-1.9.0 DoS via Uncontrolled Resource Consumption | IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption. |
| CVE-2026-7524 | May 27, 2026 | IBM Langflow OSS 1.0.0-1.9.1 RCE via Symlink during Archive Extraction | IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction. |
| CVE-2026-7254 | May 27, 2026 | IBM OPENBMC FW1110.00-FW1110.11 DoS via Unauthenticated Network Users | IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users. |
| CVE-2026-6938 | May 27, 2026 | Db2 12.1.x Auth Bypass via Remote Object Storage Upload Path | IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query. |
| CVE-2026-6936 | May 27, 2026 | IBM i ILE Compiler Recursion DoS Before 7.6 (7.5, 7.4, 7.3) | IBM i 7.6, 7.5, 7.4, and 7.3 is vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit this vulnerability by compiling specially crafted source code containing a specific combination of statements. |
| CVE-2026-6053 | May 27, 2026 | IBM Db2 11.5/12.1 DoS via Range-Partitioned Tables | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range-partitioned tables. |
| CVE-2026-6052 | May 27, 2026 | IBM Db2 11.5-12.1 Memory Exhaustion via MDC Table Queries | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables. |
|