Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
CVE-2026-3676: IBM Cloud APM and DB2 Denial of Service via Malformed Query
CVE-2026-3676
Summary
IBM Cloud APM and DB2 servers may be affected if an authenticated user sends a specially crafted query. This could cause the server to become unresponsive, making it unavailable to users. Update to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| ibm | cloud_application_performance_managemen |
8.1.4 cpe:2.3:a:ibm:cloud_application_performance_managemen:8.1.4:*:*:*:advanced_private:*:*:* |
Original title
IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of ...
Original description
IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced environment.
nvd CVSS3.1
6.5
Vulnerability type
CWE-1284
- https://www.ibm.com/support/pages/node/7273649 Vendor Advisory
Published: 27 May 2026 · Updated: 15 Jun 2026 · First seen: 2 Jun 2026