CVE-2026-6053
Status: Analyzed - Analysis Complete
Denial of Service in IBM Db2 Database

Publication date: 2026-05-27

Last updated on: 2026-05-28

Assigner: IBM Corporation

Description
IBM Db2 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4 are vulnerable to a denial of service when a specially crafted query is run with range partitioned tables.
Meta Information
Published: 2026-05-27
Last Modified: 2026-05-28
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor    Product    Version / Range
ibm       db2        From 11.5.0 (inc) to 11.5.9 (inc)
ibm       db2        From 12.1.0 (inc) to 12.1.4 (inc)
CWE ID: CWE-770
Description: The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Executive Summary

CVE-2026-6053 is a vulnerability in IBM Db2 versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4. It allows a denial of service (DoS) attack when a specially crafted query is executed on range partitioned tables.

The issue occurs due to improper resource allocation without limits or throttling, which can cause memory allocation failures and disrupt the normal operation of the database.

Impact Analysis

This vulnerability can cause a denial of service condition in IBM Db2: the database service can become unavailable or unresponsive when a maliciously crafted query is run.

Such an impact can disrupt business operations that rely on the database, potentially causing downtime and loss of availability of critical data.

Detection Guidance

IBM does not disclose exploit details or specific detection commands for CVE-2026-6053 to prevent misuse.

Detection generally means determining whether your system runs an affected version of IBM Db2 (11.5.0 through 11.5.9 or 12.1.0 through 12.1.4) and whether range partitioned tables are in use.

No specific commands or network detection methods are provided in the available information.

Mitigation Strategies

Immediate mitigation steps include applying the interim fixes provided by IBM for the latest supported versions (11.5.9 and 12.1.4), which can be downloaded from IBM Fix Central.

Workarounds include disabling intra-parallelism or ensuring that sufficient memory is allocated in the application heap, which prevents the memory allocation failures that lead to denial of service.

Customers are also advised to subscribe to IBM security bulletins for future updates and patches.

Compliance Impact

The provided information does not specify how this denial of service vulnerability in IBM Db2 affects compliance with common standards and regulations such as GDPR or HIPAA.
