← All CVEs

CVE-2026-3676

MEDIUM 6.5

Published 2026-05-27 · Last modified 2026-05-27

IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of the Fenced environment.

NO EXPLOITATION SIGNALS

No known exploitation, public exploit, or elevated probability at this time. Track for changes.

Exploitation likelihood

0.4%chance of exploitation in 30 days · 32nd percentile

○ In CISA KEV ○ Public exploit / PoC

Impact if exploited

6.5CVSS 3.1 · MEDIUM

  • ConfidentialityNone
  • IntegrityNone
  • AvailabilityHigh

What an attacker needs

  • Access: Reachable over the network — no local access needed
  • Privileges: Requires a low-privilege account
  • User interaction: No user interaction needed
  • Complexity: No special conditions — reliably repeatable

✓ lowers the bar for an attacker · ⚠ raises it

Affected

Vendors Ibm

Products Cloud Apm, Base Private Cloud Apm, Advanced Private

Weakness (CWE)

  • CWE-1284

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

Patches & mitigations

Sources: NVD · CVE.org · EPSS