CVE-2026-2006

High CVSS: 8.8

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Vendor

Postgresql

Product

Postgresql

CWE

CWE-129

Yayın Tarihi

2026-02-12 14:16:02

Güncelleme

2026-02-20 19:54:12

Source Identifier

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

KEV Date Added

Kategoriler

CWE-129 Postgresql HIGH Postgresql 2026

Referanslar

https://www.postgresql.org/support/security/CVE-2026-2006/

Benzer Kayıtlar

Medium

CVE-2026-2003

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory.…

High

CVE-2026-2004

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object cre…

High

CVE-2026-2005

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating syst…

High

CVE-2026-2007

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string.…

High

CVE-2025-49146

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is config…