IBM Db2 DoS Vulnerability CVE-2026-6053 Advisory

Vulnerability Overview IBM Db2 contains a denial-of-service vulnerability (CVE-2026-6053) that may cause service unavailability when a specially crafted query is executed on a range-partitioned table. Affected Products Affected Product: IBM Db2 Affected Versions: - 11.5.0 - 11.5.9 - 12.1.0 - 12.1.4 Supported Platforms: All platforms (including earlier versions such as 10.1, 9.7, etc., although these versions are no longer supported) Mitigation and Remediation Workaround: Disable intra-parallelism and ensure sufficient memory in the application heap to avoid memory allocation failures. Permanent Fix: - For V11.5 and V12.1 versions, special build versions containing the fix can be downloaded from Fix Central. - Specific Links: - V11.5: Special Build #81937 or later - V12.1: Special Build #83501 or later Additional Information Reference Links: - Complete CVSS v3 Guide - Online Calculator v3 Related Resources: - IBM Secure Engineering Web Portal - IBM Product Security Incident Response Blog - Published Security Vulnerabilities for DB2 for Linux, UNIX, and Windows including Special Build Information Disclaimer According to the FIRST organization’s statement, the CVSS scoring system is designed to convey the severity of vulnerabilities and response priority. IBM regularly updates its product vulnerability records, but customers are responsible for assessing the impact of vulnerabilities on their own environments. Document Classification Global Information: - Business Unit: BU058 - Product: SSEPGG - Component: DB2 for Linux, UNIX and Windows - Platform: Windows, Linux, Linux on IBM Z Systems, AIX - Edition: 11.5.9, 12.1.x - Line of Business: LOB10 Feedback and Support Feedback: Submit feedback to IBM Support Support: - 1-800-IBM-7378 (USA) - Directory of worldwide contacts --- Note: No Proof of Concept (PoC) code or exploit code is included in this document.

Goal Reached Thanks to every supporter — we hit 100%!

IBM Db2 DoS Vulnerability CVE-2026-6053 Advisory