CVE-2025-36366

Published: Jan 30, 2026Modified: Feb 5, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: psirt@us.ibm.com (Secondary)

Description

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnormal server termination.

Affected (6)

Products: Ibm: Db2

Ibm

1 product

Db2

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Ibm Db2	From 11.5.0 to 11.5.9
Ibm Db2	From 12.1.0 to 12.1.3
Ibm Db2	From 11.5.0 to 11.5.9
Ibm Db2	From 12.1.0 to 12.1.3
Ibm Db2	From 11.5.0 to 11.5.9
Ibm Db2	From 12.1.0 to 12.1.3

Related CWEs

CWE-943

Improper Neutralization of Special Elements in Data Query Logic

The product generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

References (1)

https://www.ibm.com/support/pages/node/7257681

Source: psirt@us.ibm.com

PatchVendor Advisory

Timeline

No history available yet.