CVE-2026-2004 (GCVE-0-2026-2004)
Vulnerability from cvelistv5 – Published: 2026-02-12 13:00 – Updated: 2026-02-26 14:44
- CWE-1287 - Improper Validation of Specified Type of Input
| Vendor | Product | Version |
|---|---|---|
| n/a | PostgreSQL | Affected: 18 , < 18.2 (rpm); Affected: 17 , < 17.8 (rpm); Affected: 16 , < 16.12 (rpm); Affected: 15 , < 15.16 (rpm); Affected: 0 , < 14.21 (rpm) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2004",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-13T04:56:33.418080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:21.641Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PostgreSQL",
"vendor": "n/a",
"versions": [
{
"lessThan": "18.2",
"status": "affected",
"version": "18",
"versionType": "rpm"
},
{
"lessThan": "17.8",
"status": "affected",
"version": "17",
"versionType": "rpm"
},
{
"lessThan": "16.12",
"status": "affected",
"version": "16",
"versionType": "rpm"
},
{
"lessThan": "15.16",
"status": "affected",
"version": "15",
"versionType": "rpm"
},
{
"lessThan": "14.21",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "Attacker has permission to install a vulnerable extension, e.g. intarray. Alternatively, a vulnerable extension is already installed, and the attacker has permission to create objects (temporary objects or non-temporary objects in at least one schema)."
}
],
"credits": [
{
"lang": "en",
"value": "The PostgreSQL project thanks Daniel Firer, as part of zeroday.cloud, for reporting this problem."
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T13:00:08.857Z",
"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"shortName": "PostgreSQL"
},
"references": [
{
"url": "https://www.postgresql.org/support/security/CVE-2026-2004/"
}
],
"title": "PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code"
}
},
"cveMetadata": {
"assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"assignerShortName": "PostgreSQL",
"cveId": "CVE-2026-2004",
"datePublished": "2026-02-12T13:00:08.857Z",
"dateReserved": "2026-02-05T18:17:54.681Z",
"dateUpdated": "2026-02-26T14:44:21.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-2004",
"date": "2026-05-20",
"epss": "0.00059",
"percentile": "0.18526"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-2004\",\"sourceIdentifier\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"published\":\"2026-02-12T14:16:02.213\",\"lastModified\":\"2026-02-20T19:53:53.960\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.21\",\"matchCriteriaId\":\"4BCEAB7B-E4FC-4F9F-A1F9-62EA7DD6D6CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0\",\"versionEndExcluding\":\"15.16\",\"matchCriteriaId\":\"4B408DAF-2DCD-45FE-94EE-BC84947A41C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndExcluding\":\"16.12\",\"matchCriteriaId\":\"6353A59B-FE67-4DD5-B0E6-C10F0D2358D0\"},{\"vu
lnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.8\",\"matchCriteriaId\":\"E2CCF450-C726-403A-975F-B5717E92A769\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.0\",\"versionEndExcluding\":\"18.2\",\"matchCriteriaId\":\"6B872502-5316-4E79-8FA1-24E5D8222C39\"}]}]}],\"references\":[{\"url\":\"https://www.postgresql.org/support/security/CVE-2026-2004/\",\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-2004\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-13T04:56:33.418080Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-12T14:32:49.462Z\"}}], \"cna\": {\"title\": \"PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code\", \"credits\": [{\"lang\": \"en\", \"value\": \"The PostgreSQL project thanks Daniel Firer, as part of zeroday.cloud, for reporting this problem.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"PostgreSQL\", \"versions\": [{\"status\": \"affected\", \"version\": \"18\", \"lessThan\": \"18.2\", \"versionType\": \"rpm\"}, {\"status\": \"affected\", \"version\": \"17\", \"lessThan\": \"17.8\", \"versionType\": \"rpm\"}, {\"status\": \"affected\", \"version\": \"16\", \"lessThan\": \"16.12\", \"versionType\": \"rpm\"}, {\"status\": \"affected\", \"version\": \"15\", \"lessThan\": \"15.16\", \"versionType\": \"rpm\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"14.21\", \"versionType\": \"rpm\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.postgresql.org/support/security/CVE-2026-2004/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. 
Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1287\", \"description\": \"Improper Validation of Specified Type of Input\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"Attacker has permission to install a vulnerable extension, e.g. intarray. Alternatively, a vulnerable extension is already installed, and the attacker has permission to create objects (temporary objects or non-temporary objects in at least one schema).\"}], \"providerMetadata\": {\"orgId\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\", \"shortName\": \"PostgreSQL\", \"dateUpdated\": \"2026-02-12T13:00:08.857Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-2004\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T14:44:21.641Z\", \"dateReserved\": \"2026-02-05T18:17:54.681Z\", \"assignerOrgId\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\", \"datePublished\": \"2026-02-12T13:00:08.857Z\", \"assignerShortName\": \"PostgreSQL\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0164
Vulnerability from certfr_avis - Published: 2026-02-13 - Updated: 2026-02-13
De multiples vulnérabilités ont été découvertes dans PostgreSQL. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| PostgreSQL | PostgreSQL | PostgreSQL versions 16.x antérieures à 16.12 |
| PostgreSQL | PostgreSQL | PostgreSQL versions 18.x antérieures à 18.2 |
| PostgreSQL | PostgreSQL | PostgreSQL versions antérieures à 14.21 |
| PostgreSQL | PostgreSQL | PostgreSQL versions 17.x antérieures à 17.8 |
| PostgreSQL | PostgreSQL | PostgreSQL versions 15.x antérieures à 15.16 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "PostgreSQL versions 16.x ant\u00e9rieures \u00e0 16.12",
"product": {
"name": "PostgreSQL",
"vendor": {
"name": "PostgreSQL",
"scada": false
}
}
},
{
"description": "PostgreSQL versions 18.x ant\u00e9rieures \u00e0 18.2",
"product": {
"name": "PostgreSQL",
"vendor": {
"name": "PostgreSQL",
"scada": false
}
}
},
{
"description": "PostgreSQL versions ant\u00e9rieures \u00e0 14.21",
"product": {
"name": "PostgreSQL",
"vendor": {
"name": "PostgreSQL",
"scada": false
}
}
},
{
"description": "PostgreSQL versions 17.x ant\u00e9rieures \u00e0 17.8",
"product": {
"name": "PostgreSQL",
"vendor": {
"name": "PostgreSQL",
"scada": false
}
}
},
{
"description": "PostgreSQL versions 15.x ant\u00e9rieures \u00e0 15.16",
"product": {
"name": "PostgreSQL",
"vendor": {
"name": "PostgreSQL",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-2006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2006"
},
{
"name": "CVE-2026-2005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2005"
},
{
"name": "CVE-2026-2003",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2003"
},
{
"name": "CVE-2026-2007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2007"
},
{
"name": "CVE-2026-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2004"
}
],
"initial_release_date": "2026-02-13T00:00:00",
"last_revision_date": "2026-02-13T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0164",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans PostgreSQL. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans PostgreSQL",
"vendor_advisories": [
{
"published_at": "2026-02-12",
"title": "Bulletin de s\u00e9curit\u00e9 PostgreSQL postgresql-182-178-1612-1516-and-1421-released-3235",
"url": "https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/"
}
]
}
alsa-2026:3730
Vulnerability from osv_almalinux
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-contrib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-plperl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-plpython3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-pltcl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-private-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-private-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-test-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-upgrade-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PostgreSQL is an advanced object-relational database management system (DBMS). \n\nSecurity Fix(es): \n\n * postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n * postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n * postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:3730",
"modified": "2026-03-11T10:01:08Z",
"published": "2026-03-04T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:3730"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439325"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439326"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2026-3730.html"
}
],
"related": [
"CVE-2026-2006",
"CVE-2026-2004",
"CVE-2026-2005"
],
"summary": "Important: postgresql security update"
}
alsa-2026:3887
Vulnerability from osv_almalinux
PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package.
Security Fix(es):
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-contrib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-plperl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-plpython3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-pltcl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-private-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-private-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-test-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-upgrade-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you\u0027ll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package. \n\nSecurity Fix(es): \n\n * postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n * postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n * postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:3887",
"modified": "2026-03-06T13:21:51Z",
"published": "2026-03-05T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:3887"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439325"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439326"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2026-3887.html"
}
],
"related": [
"CVE-2026-2006",
"CVE-2026-2004",
"CVE-2026-2005"
],
"summary": "Important: postgresql16 security update"
}
alsa-2026:3896
Vulnerability from osv_almalinux
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "pg_repack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.8-2.module_el9.5.0+119+18833d03"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "pgaudit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.0-1.module_el9.3.0+52+21733919"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgres-decoderbufs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.7-1.Final.module_el9.3.0+52+21733919"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-contrib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-plperl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-plpython3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-pltcl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-private-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-private-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-test-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-upgrade-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PostgreSQL is an advanced object-relational database management system (DBMS). \n\nSecurity Fix(es): \n\n * postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n * postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n * postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:3896",
"modified": "2026-03-10T19:52:06Z",
"published": "2026-03-05T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:3896"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439325"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439326"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2026-3896.html"
}
],
"related": [
"CVE-2026-2006",
"CVE-2026-2004",
"CVE-2026-2005"
],
"summary": "Important: postgresql:15 security update"
}
alsa-2026:4024
Vulnerability from osv_almalinux
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pg_repack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.6-3.module_el8.6.0+2760+1746ec94"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pg_repack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.6-3.module_el8.6.0+3095+ee60d910"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pgaudit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.0-1.module_el8.6.0+2760+1746ec94"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pgaudit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.0-1.module_el8.6.0+3095+ee60d910"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgres-decoderbufs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.0-2.module_el8.6.0+2760+1746ec94"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgres-decoderbufs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.0-2.module_el8.6.0+3095+ee60d910"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-contrib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-plperl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-plpython3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-pltcl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-test-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-upgrade-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PostgreSQL is an advanced object-relational database management system (DBMS). \n\nSecurity Fix(es): \n\n * postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n * postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n * postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:4024",
"modified": "2026-03-11T09:52:09Z",
"published": "2026-03-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:4024"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439325"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439326"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-4024.html"
}
],
"related": [
"CVE-2026-2006",
"CVE-2026-2004",
"CVE-2026-2005"
],
"summary": "Important: postgresql:13 security update"
}
alsa-2026:4059
Vulnerability from osv_almalinux
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pg_repack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.8-1.module_el8.9.0+3706+885c732e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pgaudit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.0-1.module_el8.9.0+3706+885c732e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgres-decoderbufs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.7-1.Final.module_el8.9.0+3706+885c732e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-contrib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-plperl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-plpython3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-pltcl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-private-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-private-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-test-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-upgrade-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PostgreSQL is an advanced object-relational database management system (DBMS). \n\nSecurity Fix(es): \n\n * postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n * postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n * postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:4059",
"modified": "2026-03-11T09:49:31Z",
"published": "2026-03-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:4059"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439325"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439326"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-4059.html"
}
],
"related": [
"CVE-2026-2006",
"CVE-2026-2004",
"CVE-2026-2005"
],
"summary": "Important: postgresql:15 security update"
}
alsa-2026:4063
Vulnerability from osv_almalinux
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pg_repack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1-1.module_el8.10.0+3930+ecf33554"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pg_repack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pgaudit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.0-1.module_el8.10.0+3798+606ebb9f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgres-decoderbufs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.0-1.Final.module_el8.10.0+3798+606ebb9f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-contrib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-plperl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-plpython3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-pltcl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-private-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-private-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-test-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-upgrade-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PostgreSQL is an advanced object-relational database management system (DBMS). \n\nSecurity Fix(es): \n\n * postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n * postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n * postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:4063",
"modified": "2026-03-11T09:46:43Z",
"published": "2026-03-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:4063"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439325"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439326"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-4063.html"
}
],
"related": [
"CVE-2026-2006",
"CVE-2026-2004",
"CVE-2026-2005"
],
"summary": "Important: postgresql:16 security update"
}
alsa-2026:4064
Vulnerability from osv_almalinux
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pg_repack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.6-3.module_el8.9.0+3704+f1f917ce"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pgaudit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.0-7.module_el8.9.0+3740+0e74851f.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pgaudit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.0-7.module_el8.10.0+3889+48cb11fb.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgres-decoderbufs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.0-2.module_el8.9.0+3704+f1f917ce"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-contrib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-plperl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-plpython3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-pltcl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-test-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-upgrade-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PostgreSQL is an advanced object-relational database management system (DBMS). \n\nSecurity Fix(es): \n\n * postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n * postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n * postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:4064",
"modified": "2026-03-11T09:29:57Z",
"published": "2026-03-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:4064"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439325"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439326"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-4064.html"
}
],
"related": [
"CVE-2026-2006",
"CVE-2026-2004",
"CVE-2026-2005"
],
"summary": "Important: postgresql:12 security update"
}
alsa-2026:4110
Vulnerability from osv_almalinux
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
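For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Note that this record's references also link CVE-2026-2003, which is not named in the fix list above or in the record's `related` field, so that CVE's page should be checked separately when assessing this update.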
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "pg_repack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1-1.module_el9.6.0+146+c54fdeca"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "pgaudit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.0-1.module_el9.4.0+66+eb9878bc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "pgvector"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.2-2.module_el9.6.0+167+4e561146"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.3-3.module_el9.7.0+187+2286ff0a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgis-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.3-3.module_el9.7.0+187+2286ff0a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgis-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.3-3.module_el9.7.0+187+2286ff0a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgis-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.3-3.module_el9.7.0+187+2286ff0a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgis-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.3-3.module_el9.7.0+187+2286ff0a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgres-decoderbufs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.0-1.Final.module_el9.4.0+66+eb9878bc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-contrib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-plperl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-plpython3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-pltcl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-private-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-private-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-test-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-upgrade-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PostgreSQL is an advanced object-relational database management system (DBMS). \n\nSecurity Fix(es): \n\n * postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n * postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n * postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:4110",
"modified": "2026-03-10T19:55:53Z",
"published": "2026-03-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:4110"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2003"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439325"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439326"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2026-4110.html"
}
],
"related": [
"CVE-2026-2006",
"CVE-2026-2004",
"CVE-2026-2005"
],
"summary": "Important: postgresql:16 security update"
}
BDU:2026-01727
Vulnerability from fstec - Published: 11.02.2026
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "PostgreSQL Global Development Group, Postgres Professional",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 18.2 (PostgreSQL), \u0434\u043e 17.8 (PostgreSQL), \u0434\u043e 16.12 (PostgreSQL), \u0434\u043e 15.16 (PostgreSQL), \u0434\u043e 14.21 (PostgreSQL), \u0434\u043e 18.2 (Postgres Pro Certified), \u0434\u043e 17.8 (Postgres Pro Certified), \u0434\u043e 16.12 (Postgres Pro Certified), \u0434\u043e 15.16 (Postgres Pro Certified), \u0434\u043e 14.21 (Postgres Pro Certified)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\n\u0414\u043b\u044f PostgreSQL:\nhttps://www.postgresql.org/support/security/CVE-2026-2004/\n\n\u0414\u043b\u044f Postgres Pro Certified:\nhttps://postgrespro.ru/products/postgrespro/certified",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.02.2026",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.02.2026",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "11.02.2026",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2026-01727",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2026-2004",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "PostgreSQL, Postgres Pro Certified (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116104)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043e\u0446\u0435\u043d\u043a\u0438 \u0438\u0437\u0431\u0438\u0440\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f Intarray \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 PostgreSQL, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u0442\u0435\u043a\u0443\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0437\u0430\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0442\u0438\u043f\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-1287)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043e\u0446\u0435\u043d\u043a\u0438 \u0438\u0437\u0431\u0438\u0440\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f Intarray \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 PostgreSQL \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0437\u0430\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0442\u0438\u043f\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u043a\u043e\u043d\u0442\u0435\u043a\u0441\u0442\u0435 \u0442\u0435\u043a\u0443\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.postgresql.org/support/security/CVE-2026-2004/\nhttps://postgrespro.ru/products/postgrespro/certified",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0423\u0411\u0414, \u041f\u041e \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0418\u0418",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-1287",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user who reported the sighting.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
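- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting. This records that reporter's own observation only; it does not establish that the vulnerability is unexploited elsewhere.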
- Not confirmed: The user who reported the sighting expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.