IBM Security Updates – 07 July 2026

IBM has released security updates to address several vulnerabilities affecting multiple IBM products.

The addressed vulnerabilities could allow the attacker to conduct denial-of-service attacks, bypass security restrictions, gain elevated privileges, obtain sensitive information, perform server-side request forgery and cross-site scripting attacks, execute arbitrary code, and gain access to the affected systems.

Sample of addressed vulnerabilities:

1. IBM Db2 Remote Code Execution due to Improper Pre-Auth DRDA Handshake Handling Vulnerability (CVE-2026-10109):

  • CVSS: 9.8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Remote Code Execution

2. IBM WebSphere Application Server Liberty Authorization Bypass Vulnerability (CVE-2026-11714):

  • CVSS: 8.5
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Consequences: Security Bypass

The affected products:

  • IBM DB2.
  • IBM WebSphere.
  • IBM DataPower Gateway.
Vulnerabilities
Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

IBM Security Advisory

References