IBM Db2 Denial of Service Vulnerability (CVE-2026-6051) Advisory

Vulnerability Overview Vulnerability Name: IBM Db2® Denial of Service Vulnerability (CVE-2026-6051) Description: A denial of service vulnerability exists in IBM Db2® when executing crafted queries with small statement stacks. CVSS Score: 5.5 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Impact Scope Affected Product: IBM Db2® Affected Versions: - 11.5.0 - 11.5.9 - 12.1.0 - 12.1.4 Supported Platforms: All platforms Other Versions: Earlier versions (such as 10.1, 9.7, etc.) may also be affected but are no longer supported. Unmentioned older versions are not supported. Remediation Temporary Fix: - Increase the statement stack size by setting a larger STMTHEAP. - Or set the optimization level to 0. Users can add optimizer guidelines to the query: Permanent Fix: - Download a special build version containing the temporary fix from Fix Central. - The special build version is based on the latest level of each affected release: V11.5.9 and V12.1.4. - This can be applied to the appropriate release version of any affected level to remediate this vulnerability. References Complete CVSS v3 Guide Online Calculator v3 Additional Information Related Resources: - IBM Secure Engineering Web Portal - IBM Product Security Incident Response Blog - Published Security Vulnerabilities for DB2 for Linux, UNIX, and Windows including Special Build information Disclaimer IBM provides no warranties, including implied warranties of merchantability and fitness for a particular purpose. Customers are responsible for assessing the impact of any actual or potential security vulnerabilities. IBM regularly updates known components within product components and addresses related vulnerabilities. The referenced product versions may be outdated, and IBM does not guarantee that these versions are still supported. Document Location Available globally. Document Information Modification Date: May 21, 2026 Initial Release Date: May 21, 2026 UID: IBM17273558 Feedback Provides links and contact information for feedback. --- The above is a summary of key vulnerability information from the webpage screenshot.

Goal Reached Thanks to every supporter — we hit 100%!

IBM Db2 Denial of Service Vulnerability (CVE-2026-6051) Advisory