CVE-2026-6938

Summary

IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.

Affected Software

VendorProductVersion RangeStatus
IBMDb212.1.0 <= 12.1.4affected

Weaknesses

  • CWE-285: CWE-285 Improper Authorization

Workarounds

Use LOAD COPY command db2 load from test.del of del replace into t1 copy yes to 'DB2REMOTE://'. Instead of the LOAD COPY via the regvar DB2_LOAD_COPY_NO_OVERRIDE

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References