CVE-2026-2003

Medium CVSS: 4.3

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Vendor

Postgresql

Product

Postgresql

CWE

CWE-1287

Yayın Tarihi

2026-02-12 14:16:02

Güncelleme

2026-02-20 19:53:43

Source Identifier

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

KEV Date Added

Kategoriler

CWE-1287 Postgresql MEDIUM Postgresql 2026

Referanslar

https://www.postgresql.org/support/security/CVE-2026-2003/

Benzer Kayıtlar

High

CVE-2026-2004

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object cre…

High

CVE-2026-2005

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating syst…

High

CVE-2026-2006

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted…

High

CVE-2026-2007

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string.…

High

CVE-2025-49146

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is config…