Is CVE-2026-10109 being exploited?

No public exploit is currently tracked.

How severe is CVE-2026-10109?

CVE-2026-10109 has a CVSS v3 severity of CRITICAL (9.8).

Back

Description

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling.