medium advisory

IBM Db2 Vulnerable to Denial-of-Service via Crafted Query (CVE-2026-1718)

IBM Db2 versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4 are vulnerable to a denial-of-service (DoS) attack via a specially crafted query when autonomous transactions are enabled, potentially leading to service disruption.

IBM Db2 is susceptible to a denial-of-service vulnerability, identified as CVE-2026-1718, affecting versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4. This vulnerability is triggered when a specially crafted query is executed while autonomous transactions are enabled within the Db2 environment. A successful exploit could lead to resource exhaustion, rendering the database service unavailable and disrupting applications relying on it. Defenders should implement mitigations to prevent malicious actors from exploiting this vulnerability and causing downtime.

Attack Chain

  1. An attacker identifies a vulnerable IBM Db2 instance with autonomous transactions enabled.
  2. The attacker crafts a malicious SQL query designed to exploit the vulnerability.
  3. The attacker authenticates to the Db2 instance with valid, but potentially low-privileged, credentials.
  4. The attacker executes the crafted SQL query.
  5. The malicious query triggers excessive resource allocation within the Db2 database engine.
  6. The excessive resource allocation leads to memory exhaustion or CPU overload.
  7. Db2 becomes unresponsive, leading to a denial-of-service condition.
  8. Applications relying on Db2 experience disruptions or failures due to database unavailability.

Impact

Successful exploitation of CVE-2026-1718 can result in a denial of service, causing IBM Db2 database instances to become unavailable. This can disrupt business operations that rely on the affected databases, potentially leading to data unavailability, application failures, and financial losses. The vulnerability impacts Db2 versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4, potentially affecting numerous organizations that utilize these versions.

Recommendation

  • Apply the security patch or upgrade to a fixed version of IBM Db2 as recommended in the IBM advisory (https://www.ibm.com/support/pages/node/7273555).
  • Monitor Db2 database logs for suspicious SQL queries that may be indicative of exploitation attempts.
  • Deploy the Sigma rule “Detect Suspicious Db2 Queries Leading to Excessive Resource Allocation” to identify potential exploitation attempts based on query patterns.
  • Review and restrict access controls to the Db2 database to minimize the attack surface and prevent unauthorized query execution.
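To support the patching recommendation, the following added example (not part of the original advisory or of any IBM tooling) triages an inventory of Db2 version strings against the affected ranges stated above. The host names and version strings in `SAMPLE_INVENTORY` are constructed, and the function names are hypothetical.

```python
import re

# Affected ranges exactly as stated in the advisory (inclusive).
AFFECTED_RANGES = [((11, 5, 0), (11, 5, 9)), ((12, 1, 0), (12, 1, 4))]

# Three- or four-part version with optional "v" prefix. A fourth part is
# ignored because the advisory states its ranges to three parts.
_VERSION_RE = re.compile(
    r"(?<![\d.])v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)?(?![\d.])", re.IGNORECASE
)


def parse_db2_version(text):
    """Return (major, minor, mod) found in a version string, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def classify(text):
    """Return 'affected', 'not-listed' or 'unknown' for one version string."""
    version = parse_db2_version(text)
    if version is None:
        return "unknown"  # too short or unparseable: needs manual review
    for low, high in AFFECTED_RANGES:
        if low <= version <= high:
            return "affected"
    # Outside the advisory's ranges; this does not prove the host is patched.
    return "not-listed"


def triage(inventory):
    """Map host -> status for a {host: version string} inventory."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "db-prod-01": "DB2 v11.5.8.0",
    "db-prod-02": "12.1.4",
    "db-test-01": "12.1.5",
    "db-legacy-01": "v11.1.4.7",
    "db-dev-01": "11.5",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual version check, and `affected` hosts should be compared against the fix information in the IBM advisory linked above.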

Detection coverage 2

Detect Suspicious Db2 Queries Leading to Excessive Resource Allocation

medium

Detects CVE-2026-1718 exploitation attempt — SQL queries that may lead to excessive resource allocation in IBM Db2.

sigma; tactics: impact; techniques: T1499.001; sources: database, db2

Detect Db2 Autonomous Transaction Use

low

Detects the usage of autonomous transactions in IBM Db2, which are required for CVE-2026-1718 exploitation.

sigma; tactics: impact; techniques: T1499.001; sources: database, db2
