VYPR
← All advisories
High severity7.8NVD Advisory· Published May 27, 2026· Updated May 27, 2026

CVE-2026-3623

CVE-2026-3623

Description

IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker can execute root‑level commands, obtain a root shell, and change the root user’s password. Successful exploitation also enables modification or removal of system‑wide files and the installation of persistent backdoors. This results in full system compromise with complete loss of confidentiality, integrity, and availability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Netezza Performance Server Replication Services allows low-privileged users to escalate to root, enabling full system compromise.

Vulnerability

A privilege escalation vulnerability exists in IBM Netezza Performance Server Replication Services versions 3.0.2.0 through 3.0.5.0. The flaw allows an attacker with low-privileged access to escalate to root due to execution with unnecessary privileges (CWE-250) [1].

Exploitation

An attacker needs low-privileged access to the system. No user interaction is required. The attacker can execute root-level commands, obtain a root shell, and change the root password [1].

Impact

Successful exploitation results in full system compromise: the attacker can execute arbitrary commands as root, modify or delete system-wide files, and install persistent backdoors, leading to complete loss of confidentiality, integrity, and availability [1].

Mitigation

The vulnerability is fixed in IBM Netezza Performance Server Replication Services version 3.0.5.1. No workarounds are available [1].

References
  1. Security Bulletin: Vulnerabilities exists in IBM Netezza Performance Server Replication Services

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.