IBM Db2 Database: XML Data Processing Security Risk
CVE-2025-36247
Summary
IBM Db2 database versions 11.5 and 12.1 can be exploited by an attacker who sends a malicious XML file, allowing the attacker to access sensitive information or crash the system. This is a serious security risk that requires immediate attention. To protect your database, update to the latest version or apply a patch.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| ibm | db2 | > 11.5.0 , <= 11.5.9 | – |
| ibm | db2 | > 12.1.0 , <= 12.1.3 | – |
Original title
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML ...
Original description
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
NVD CVSS 3.1
8.2
Vulnerability type
CWE-611
XML External Entity (XXE)
- Vendor Advisory: https://www.ibm.com/support/pages/node/7259961
Published: 17 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026