CVE-2026-6052

IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tables

Assigner: ibm
Reserved: 09.04.2026 Published: 27.05.2026 Updated: 27.05.2026

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 6.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	IBM
Product	Db2
Versions	affected from 11.5.0 to 11.5.9 (incl.) affected from 12.1.0 to 12.1.4 (incl.)

Vendor

IBM

Product

Db2

Versions

affected from 11.5.0 to 11.5.9 (incl.)
affected from 12.1.0 to 12.1.4 (incl.)

Workarounds

Do not use Multi-Clustering-Dimensional (MDC) tables

Solutions

Customers running any vulnerable affected level of an affected Program, V11.5, and V12.1, can download the special build containing the interim fix for this issue from Fix Central. These special builds are available based on the most recent level for each impacted release: V11.5.9, and V12.1.4. They can be applied to any affected level of the appropriate release to remediate this vulnerability.

ReleaseFixed in mod packAPARDownload URLV11.5TBD https://www.ibm.com/support/pages/node/7087189

V12.1

TBD

https://www.ibm.com/support/pages/node/7267513

IBM does not disclose key Db2 functionality nor replication steps for a vulnerability to avoid providing too much information to any potential malicious attacker. IBM does not want to enable a malicious attacker with sufficient knowledge to craft an exploit of the vulnerability.