CVE-2026-1718
Analyzed - Analysis Complete
Denial of Service in IBM Db2 with Autonomous Transactions

Publication date: 2026-05-27

Last updated on: 2026-06-02

Assigner: IBM Corporation

Description
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled.
Meta Information
Published: 2026-05-27
Last Modified: 2026-06-02
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor  Product  Version / Range
ibm     db2      From 11.5.0 (inc) to 11.5.9 (inc)
ibm     db2      From 12.1.0 (inc) to 12.1.4 (inc)
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Executive Summary

CVE-2026-1718 is a vulnerability in IBM Db2 versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4 on Linux systems. It allows an attacker to cause a denial of service (DoS) by executing a specially crafted query when autonomous transactions are enabled.

Impact Analysis

A successful attack causes a denial of service condition in the IBM Db2 database: the database could become unavailable or unresponsive, potentially disrupting the applications and services that rely on it.

Detection Guidance

IBM does not disclose detailed exploitation steps or specific detection commands for CVE-2026-1718 to prevent misuse.

Detection would likely involve checking if autonomous transactions are enabled in IBM Db2 versions 11.5.0 through 11.5.9 or 12.1.0 through 12.1.4 on Linux systems.

Mitigation Strategies

To mitigate CVE-2026-1718, apply the interim fixes provided by IBM through Fix Central for the affected Db2 versions.

As a recommended workaround, remove the AUTONOMOUS keyword from procedure definitions to disable autonomous transactions.
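
To inventory where the workaround applies, the following added example (not IBM's code and not part of the original advisory) checks a Db2 version string against the ranges listed on this page and scans exported procedure DDL for the AUTONOMOUS keyword in each procedure header. The sample DDL and its schema and procedure names are constructed, and the scan is a heuristic that assumes the keyword appears before the body's BEGIN.

```python
import re

# Affected ranges exactly as listed on this page (both ends inclusive).
AFFECTED = [((11, 5, 0), (11, 5, 9)), ((12, 1, 0), (12, 1, 4))]

# Comments and string literals are blanked so the keyword is not matched there.
_NOISE = re.compile(r"--[^\n]*|/\*.*?\*/|'(?:[^']|'')*'", re.S)
_NAME = r'(?:"[^"]+"|\w+)'
_CREATE = re.compile(
    rf"\bCREATE\s+(?:OR\s+REPLACE\s+)?PROCEDURE\s+({_NAME}(?:\s*\.\s*{_NAME})?)", re.I)
_BEGIN = re.compile(r"\bBEGIN\b", re.I)
_AUTONOMOUS = re.compile(r"\bAUTONOMOUS\b", re.I)

# Constructed sample DDL (hypothetical schema and procedure names).
SAMPLE_DDL = """
CREATE OR REPLACE PROCEDURE APP.WRITE_AUDIT (IN msg VARCHAR(200))
  LANGUAGE SQL
  AUTONOMOUS  -- commits independently of the caller
BEGIN
  INSERT INTO APP.AUDIT_LOG VALUES (CURRENT TIMESTAMP, msg);
END@

CREATE PROCEDURE APP.PLAIN_PROC ()
  LANGUAGE SQL
BEGIN
  -- AUTONOMOUS appears here only inside a comment and a string
  INSERT INTO APP.NOTES VALUES ('not AUTONOMOUS');
END@
"""

def is_affected(version: str) -> bool:
    """True if version (e.g. '11.5.8.0') falls in a range listed on the page."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    parts += (0,) * (3 - len(parts))  # '12.1' is treated as 12.1.0
    return any(lo <= parts <= hi for lo, hi in AFFECTED)

def autonomous_procedures(ddl: str) -> list[str]:
    """Names of procedures whose header (text before BEGIN) has AUTONOMOUS."""
    clean = _NOISE.sub(" ", ddl)
    creates = list(_CREATE.finditer(clean))
    found = []
    for i, m in enumerate(creates):
        # A statement runs from this CREATE PROCEDURE to the next one.
        end = creates[i + 1].start() if i + 1 < len(creates) else len(clean)
        stmt = clean[m.end():end]
        body = _BEGIN.search(stmt)
        header = stmt[:body.start()] if body else stmt
        if _AUTONOMOUS.search(header):
            found.append(re.sub(r"\s+", "", m.group(1)))
    return found
```

A version inside the listed ranges indicates range membership only; the page gives no build-level detail for telling whether an interim fix is already installed.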

Compliance Impact

The provided information does not specify how this denial of service vulnerability in IBM Db2 affects compliance with common standards and regulations such as GDPR or HIPAA.
