VYPR
Medium severity 5.5 · NVD Advisory · Published May 27, 2026 · Updated May 27, 2026

CVE-2026-6051

Description

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM Db2 11.5.0–11.5.9 and 12.1.0–12.1.4 are vulnerable to denial of service via a specially crafted query with a small statement heap.

Vulnerability

IBM Db2 versions 11.5.0 through 11.5.9 and 12.1.0 through 12.1.4 (all editions, all platforms) are vulnerable to a denial of service when a user executes a specially crafted query while the statement heap is configured to a small size [1]. The vulnerability is classified as CWE-400 (Uncontrolled Resource Consumption) [1].

Exploitation

To exploit, an attacker must have a valid local user account (privilege level: Low, per CVSS vector) and be able to connect to the database [1]. The attacker then submits a crafted query that, due to the small statement heap, triggers uncontrolled resource consumption, leading to denial of service. No user interaction beyond the query execution is required [1].

Impact

Successful exploitation results in a denial of service condition affecting the database server's availability. The vulnerability does not impact confidentiality or integrity (C:N/I:N/A:H) [1]. The attack vector is local and the attack complexity is low: an authenticated user can cause the database to become unresponsive.

Mitigation

IBM has released special builds containing interim fixes for the affected releases: special build #81937 or later for V11.5.9, and special build #83501 or later for V12.1.4, available from IBM Fix Central via the URLs provided in the advisory [1]. Earlier unsupported releases (10.1, 9.7, etc.) are also potentially affected but no fixes are provided for those versions [1].

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1
  • IBM/Db2 (llm-fuzzy)
    Range: >=11.5.0 <=11.5.9, >=12.1.0 <=12.1.4

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1
