CVE-2026-3856 MEDIUM

CVE-2026-3856: IBM Db2 Recovery Expert Missing Integrity Check

Vendor Ibm
Product Db2 Recovery Expert
Weakness CWE-353
Published March 17, 2026
Last update March 18, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission.

Key dates

02Disclosure timeline

March 17, 2026 CVE published
March 18, 2026 Record updated