Description
IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.
Published: 2026-05-27
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to bypass authorization controls when uploading data to a remote object storage path that contains a specific, crafted query string. It is classified as CWE‑285, meaning the attacker can gain access without proper credentials. Successful exploitation would let a malicious actor upload files or execute code under the database context, potentially compromising data confidentiality, integrity, and availability.

Affected Systems

All IBM Db2 12.1.0 through 12.1.4 releases are affected. The issue was identified in the 12.1 version line, and any installed instance within that range is vulnerable.

Risk and Exploitability

The CVSS score of 6.5 indicates medium severity. EPSS is not available, and the vulnerability is not listed in CISA’s KEV catalog. An attacker can exploit this remotely by uploading data to a configured object storage endpoint with a special query string, provided the database is exposed to the network and remote storage uploads are allowed. Because it bypasses authorization checks, it could elevate privileges or tamper with data if the attacker can reach the vulnerable upload path. No publicly documented exploits exist yet, but the ability to bypass authorization suggests potential for misuse.

Generated by OpenCVE AI on May 27, 2026 at 17:46 UTC.

Remediation

Vendor Solution

Customers running any vulnerable affected level of an affected Program, V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.

Release: V12.1
Fixed in mod pack / APAR: TBD
Download URL: https://www.ibm.com/support/pages/node/7267513

IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.


Vendor Workaround

Use the LOAD COPY command, for example:

db2 load from test.del of del replace into t1 copy yes to 'DB2REMOTE://'

instead of performing the LOAD COPY via the registry variable DB2_LOAD_COPY_NO_OVERRIDE.


OpenCVE Recommended Actions

  • Download and apply IBM’s interim fix build for Db2 V12.1.4 from Fix Central to all affected 12.1.x installations.
  • As a temporary workaround, use the LOAD COPY command example that directs data to a "DB2REMOTE://" path with the required parameters, thereby avoiding the vulnerable upload path.
  • Review and restrict the database’s remote object storage configuration so that only trusted endpoints can be written to and enforce proper authentication before accepting uploads, to prevent exploitation via the special query.

Generated by OpenCVE AI on May 27, 2026 at 17:46 UTC.

Tracking


Advisories

No advisories yet.

History

Thu, 28 May 2026 15:45:00 +0000

Type: First Time appeared
Values added: Ibm aix; Linux; Linux linux Kernel

Type: CPEs
Values added: cpe:2.3:a:ibm:db2:*:*:*:*:-:*:*:*; cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*; cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Type: Vendors & Products
Values added: Ibm aix; Linux; Linux linux Kernel

Wed, 27 May 2026 15:30:00 +0000

Type: Metrics (ssvc)
Values added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 27 May 2026 14:15:00 +0000

Type: Description
Values added: IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.

Type: Title
Values added: IBM® Db2® is vulnerable to authorization bypass when uploading to a remote object storage path with a special query

Type: First Time appeared
Values added: Ibm; Ibm db2

Type: Weaknesses
Values added: CWE-285

Type: CPEs
Values added: cpe:2.3:a:ibm:db2:12.1.0:*:*:*:*:*:*:*; cpe:2.3:a:ibm:db2:12.1.4:*:*:*:*:*:*:*

Type: Vendors & Products
Values added: Ibm; Ibm db2

Type: References

Type: Metrics (cvssV3_1)
Values added: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-05-27T14:45:33.154Z

Reserved: 2026-04-23T19:16:43.392Z

Link: CVE-2026-6938

Vulnrichment

Updated: 2026-05-27T14:45:28.214Z

NVD

Status: Analyzed

Published: 2026-05-27T14:17:35.050

Modified: 2026-05-28T15:41:42.017

Link: CVE-2026-6938

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T04:00:07Z

Weaknesses