CVE-2026-11906

MEDIUM
6.5
CVSS 3.1
Description
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns.

Metadata

CVE ID
CVE-2026-11906
State
PUBLISHED
Assigner
ibm
Reserved
2026-06-10 16:11 UTC
Published
2026-06-30 19:42 UTC
Last updated
2026-06-30 19:42 UTC
Primary CWE
CWE-1284
CWE-1284 Improper Validation of Specified Quantity in Input
Vendor / Product
IBM / Db2
Sources
cve.org  ·  NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products (1)
Vendor | Product | Platform | Versions
IBM | Db2 | | 11.5.0 ≤ 11.5.9, 12.1.0 ≤ 12.1.4
Weakness (CWE)
CWE | Source | Description
CWE-1284 | cna | CWE-1284 Improper Validation of Specified Quantity in Input
CVSS scores (1)
Score | Severity | Version | Source | Vector
6.5 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H