IBM Cloud APM 8.1.4: Authenticated DoS via Fenced Env Query Logic
CVE-2026-3676 Published on May 27, 2026
There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products.
In IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4, the bundled IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced environment.
Vulnerability Analysis
CVE-2026-3676 is exploitable with network access and requires a small amount of user privileges. The vulnerability is considered to have a low attack complexity. An exploit is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Products Associated with CVE-2026-3676
- IBM Cloud APM, Base Private
- IBM Cloud APM, Advanced Private
Affected Versions
IBM Cloud APM, Base Private:
- Version 8.1.4, <= Interim Fix 021 is affected.
- Version 8.1.4 is affected.