CVE-2026-11906
MEDIUM
6.5
CVSS 3.1
Description
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns.
Metadata
Severity & Metrics
6.5
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| IBM | Db2 | — | 11.5.0 ≤ 11.5.9, 12.1.0 ≤ 12.1.4 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-1284 | cna | CWE-1284 Improper Validation of Specified Quantity in Input |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.5 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References (1)