CVE-2026-3856

CWE-353 CWE-4518 documents6 sources

Severity

9.1CRITICAL

EPSS

0.0%

top 99.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM DB2 Recovery Expert

Timeline

PublishedMar 17

Latest updateApr 2

Description

IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ibm/db2_recovery_expert5.5 IF 2

▶NVDibm/db2_recovery_expert5.5.0

Patches

Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-c57j-h24c-r8gw: IBM Db2 Recovery Expert for Linux, UNIX and Windows 5↗2026-03-18

▶

OSV

CVE-2026-3856: (IBM Db2 Recovery Expert for Linux, UNIX and Windows 5↗2026-03-18

▶

CVEList

IBM Db2 Recovery Expert Missing Integrity Check↗2026-03-17

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2026-5292 Out of bounds read in WebCodecs↗2026-04-02

▶

Microsoft

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability↗2026-03-10

▶

Microsoft

Chromium: CVE-2026-3910 Inappropriate implementation in V8↗2026-03-10

▶

🕵️Threat Intelligence

Wiz

CVE-2026-3856 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶