logo

Critical IBM Db2 Flaw Allows Pre-Auth Remote Code Execution

ID: 9f4ebf6f-befb-512a-bbb5-31fb95653201

STIX ID: report--9f4ebf6f-befb-512a-bbb5-31fb95653201

Feed Name: securityonline.info

Threat Score
72/100

Date Published: 2026-07-02

Date Updated: 2026-07-02

Author: Do Son

...
...

**TL;DR:** IBM patched a critical pre-auth remote code execution in Db2 (CVE-2026-10109, CVSS 9.8) that allows unauthenticated code execution via the DRDA handshake; it affects Db2 11.5.0–11.5.9 and 12.1.0–12.1.4 across platforms, has no confirmed exploitation so far, and administrators should install the vendor special builds or restrict network access to Db2 listeners until patched.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.