IBM Db2 11.5-12.1 DOS via Improper Query Neutralization
CVE-2026-1352 Published on April 22, 2026
IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.
Vulnerability Analysis
CVE-2026-1352 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Products Associated with CVE-2026-1352
Want to know whenever a new CVE is published for IBM Db2? stack.watch will email you.
Affected Versions
IBM Db2:- Version 11.5.0, <= 11.5.9 is affected.
- Version 12.1.0, <= 12.1.4 is affected.