Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-9762— IBM® Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control

CVSS 7.8 · High EPSS 0.17% · P6

Possible ATT&CK Techniques 1AI

T1190 · Exploit Public-Facing Application

Affected Version Matrix 2

VendorProductVersion RangeStatus
IBMDb211.5.0≤ 11.5.9affected
12.1.0≤ 12.1.4affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-9762

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
IBM® Data Server driver for JDBC and SQLJ is vulnerable to remote code execution when jdbc url is under user control
Source: NVD (National Vulnerability Database)
Vulnerability Description
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
IBMDb2 11.5.0 ~ 11.5.9 cpe:2.3:a:ibm:db2:11.5.0:*:*:*:*:*:*:*

II. Public POCs for CVE-2026-9762

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-9762

登录查看更多情报信息。

Vendor Advisories for CVE-2026-9762 (1)

Same Patch Batch · IBM · 2026-07-17 · 34 CVEs total

CVE-2026-91359.9 CRITICALPolicies Component Dynamic CodeInput Fields Bypass Custom Component Validation
CVE-2026-88599.9 CRITICALPath Traversal in APIRequest Component via Content-Disposition Header
CVE-2026-86359.9 CRITICALArbitrary Code Execution in Python Interpreter Component
CVE-2026-84819.9 CRITICALRemote Code Execution via Code Validation Endpoint
CVE-2026-84769.9 CRITICALDisk Cache Deserialization Remote Code Execution Vulnerability
CVE-2026-134469.8 CRITICALLangflow is affected by remote code execution, denial of service, path traversal, and expo
CVE-2026-92029.8 CRITICALUnauthenticated User Registration Could Lead to Remote Code Execution
CVE-2026-91989.8 CRITICALUnauthenticated Remote Code Execution via Auto-Login Bypass and Code Validation
CVE-2026-91039.8 CRITICALUnauthenticated Superuser Token Issuance via Auto-Login Endpoint
CVE-2026-85059.8 CRITICALAuthentication Bypass in Webhook Endpoints Allowed Unauthorized Flow Execution
CVE-2026-150919.3 CRITICALMultiple Vulnerabilities in IBM Engineering AI hub.
CVE-2026-144998.8 HIGHLangflow is affected by remote code execution, denial of service, path traversal, and expo
CVE-2026-80568.8 HIGHParameter Injection Vulnerability in API Graph Execution Engine
CVE-2026-76678.8 HIGHPath Traversal Vulnerability in API Request Component Content-Disposition Header Processin
CVE-2026-77558.8 HIGHMCP Server Configuration Validator Bypass via File Upload API
CVE-2026-134458.1 HIGHLangflow is affected by remote code execution, denial of service, path traversal, and expo
CVE-2026-134488.1 HIGHLangflow is affected by remote code execution, denial of service, path traversal, and expo
CVE-2026-134738.1 HIGHIBM Storage Protect Client is vulnerable to Heap-Based Buffer Overflow
CVE-2026-77547.7 HIGHSSRF Protection Configuration Vulnerability
CVE-2026-78727.5 HIGHPath Traversal Vulnerability in File Component Leading to Arbitrary File Read and Authenti

Showing top 20 of 34 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

V. Comments for CVE-2026-9762

No comments yet


Leave a comment