CVE-2026-2007

High CVSS: 8.2

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.

Vendor

Postgresql

Product

Postgresql

CWE

CWE-122

Yayın Tarihi

2026-02-12 14:16:02

Güncelleme

2026-02-20 19:54:44

Source Identifier

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

KEV Date Added

Kategoriler

CWE-122 Postgresql HIGH Postgresql 2026

Referanslar

https://www.postgresql.org/support/security/CVE-2026-2007/

Benzer Kayıtlar

Medium

CVE-2026-2003

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory.…

High

CVE-2026-2004

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object cre…

High

CVE-2026-2005

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating syst…

High

CVE-2026-2006

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted…

High

CVE-2025-49146

pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is config…