CVE Catalog

CVE-2026-10109

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.86%

54th percentile — higher than 54% of all known CVEs

Summary

IBM Db2 versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4 are vulnerable to remote code execution due to improper handling of DRDA handshake before authentication.

Risk Assessment

An unauthenticated attacker can remotely execute arbitrary code on the database server, leading to full system and data compromise.

Recommendation

Immediately upgrade IBM Db2 to version 11.5.10 or 12.1.5, which fix this vulnerability.

Original NVD description (English source)

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS