Release Notes
Abstract
This document lists the rapid response updates for IBM Guardium Database Protection Service (DPS) since the last Quarterly DPS patch. Common Vulnerabilities and Exposures (CVE) with a Common Vulnerability Scoring System (CVSS) score of 7 or higher trigger a rapid response workflow and new tests are released within 5-7 business days through ad hoc Rapid Response DPS updates. DPS only covers CVE related to database servers. CVE related to applications that use the database server are out of scope.
Content
This document is intended for Guardium Data Protection and Guardium Vulnerability Assessment version 11.x and 12.x clients. DPS updates are separate from Guardium Data Protection patch updates (GPU) and bundle patches. To stay current, you must upload the latest Quarterly DPS and the latest Rapid Response DPS available on IBM Support Fix Central to keep your vulnerability assessment tests current with industry best practices and help protect against newly discovered vulnerabilities. Rapid Response DPS updates are cumulative and contain all of the previous Rapid Response DPS data since the last Quarterly DPS update. For more information, see Installing IBM Guardium Database Protection Service updates.
To have the DPS process automatically update your security assessments with future CVE or authorized program analysis report (APAR) tests, modify your security assessment and check the box after "Automatically add all future CVE or APAR tests after DPS uploaded".
Note: If you plan to apply any Guardium Data Protection patch, ad hoc, upgrade, or bundle after you apply a Rapid Response DPS, you must apply the latest Rapid Response DPS file since the last Quarterly DPS, up until the next Quarterly DPS (which is cumulative and will contain all previous Rapid Response DPS data).
DPS files
| Version | Filename and MD5SUM |
|---|---|
| 12.x | Filename: ebeb296b220a3f390fca39acf19e7179 MD5SUM: Guardium_V12_Rapid_Response_DPS_For_2026_Q2_20260526.enc |
| 11.x | Filename: Guardium_V11_Rapid_Response_DPS_For_2026_Q2_20260526.enc MD5SUM: 11af49ae1975490f02f8f39c7c46757d |
New tests for 26 May 2026 Rapid Response DPS
| Version | Test name | Test ID | Description | Database type |
|---|---|---|---|---|
| 11.x, 12.x | CVE-2026-6914 | 10051 | Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server v7.0 versions prior to 7.0.32 | MONGODB |
| 11.x, 12.x | CVE-2026-8053 | 10052 | An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series bucket catalog. Under certain conditions this can result in arbitrary code execution. This issue impacts MongoDB Server v5.0 versions prior to 5.0.33, v6.0 versions prior to 6.0.28, v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2. | MONGODB |
| 11.x, 12.x | CVE-2026-8201 | 10053 | A use-after-free vulnerability exists in MongoDB's Field-Level Encryption (FLE) query analysis component, affecting client-side uses of mongocryptd and crypt_shared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server s mongocryptd component v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2. | MONGODB |
| 11.x, 12.x | CVE-2026-32167 | 10041 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. | MS SQL SERVER |
| 11.x, 12.x | CVE-2026-32176 | 10042 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. | MS SQL SERVER |
| 11.x, 12.x | CVE-2026-33120 | 10043 | Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network. | MS SQL SERVER |
| 11.x, 12.x | CVE-2026-6473 | 10044 | Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user inputs to the relevant database functions, the application input provider may achieve a segmentation fault. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. | POSTGRESQL |
| 11.x, 12.x | CVE-2026-6475 | 10045 | Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries. Hence, the attack has practical implications only if one takes relevant action between these commands and server start, like moving the files to a different VM or snapshotting the VM. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. | POSTGRESQL |
| 11.x, 12.x | CVE-2026-6476 | 10046 | SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected. | POSTGRESQL |
| 11.x, 12.x | CVE-2026-6477 | 10047 | Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size. Because both the \lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. | POSTGRESQL |
| 11.x, 12.x | CVE-2026-6479 | 10048 | Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. | POSTGRESQL |
| 11.x, 12.x | CVE-2026-6637 | 10049 | Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitates user-controlled updates to that column. In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. | POSTGRESQL |
| 11.x, 12.x | CVE-2026-6638 | 10050 | SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18, minor versions before PostgreSQL 18.4, 17.10, and 16.14 are affected. Versions before PostgreSQL 16 are unaffected. | POSTGRESQL |
[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"ARM Category":[{"code":"a8m0z000000cvkbAAA","label":"DPS"},{"code":"a8m3p000000PCTuAAO","label":"Platform\/Installation\/Deployment"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
26 May 2026
UID
ibm17274014