Critical IBM Db2 Flaw Allows Pre-Auth Remote Code Execution
ID: 9f4ebf6f-befb-512a-bbb5-31fb95653201
STIX ID: report--9f4ebf6f-befb-512a-bbb5-31fb95653201
Feed Name: securityonline.info
Threat Score
**TL;DR:** IBM patched a critical pre-auth remote code execution in Db2 (CVE-2026-10109, CVSS 9.8) that allows unauthenticated code execution via the DRDA handshake; it affects Db2 11.5.0–11.5.9 and 12.1.0–12.1.4 across platforms, has no confirmed exploitation so far, and administrators should install the vendor special builds or restrict network access to Db2 listeners until patched.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
