Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-2005 (GCVE-0-2026-2005)
Vulnerability from cvelistv5 – Published: 2026-02-12 13:00 – Updated: 2026-02-26 14:44
VLAI
EPSS
Title
PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
Summary
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Severity
8.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | PostgreSQL |
Affected:
18 , < 18.2
(rpm)
Affected: 17 , < 17.8 (rpm) Affected: 16 , < 16.12 (rpm) Affected: 15 , < 15.16 (rpm) Affected: 0 , < 14.21 (rpm) |
Credits
The PostgreSQL project thanks Team Xint Code, as part of zeroday.cloud, for reporting this problem.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2005",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-13T04:56:32.671453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T14:44:21.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PostgreSQL",
"vendor": "n/a",
"versions": [
{
"lessThan": "18.2",
"status": "affected",
"version": "18",
"versionType": "rpm"
},
{
"lessThan": "17.8",
"status": "affected",
"version": "17",
"versionType": "rpm"
},
{
"lessThan": "16.12",
"status": "affected",
"version": "16",
"versionType": "rpm"
},
{
"lessThan": "15.16",
"status": "affected",
"version": "15",
"versionType": "rpm"
},
{
"lessThan": "14.21",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "attacker has permission to install pgcrypto or pass arbitrary ciphertext to an already-installed pgcrypto"
}
],
"credits": [
{
"lang": "en",
"value": "The PostgreSQL project thanks Team Xint Code, as part of zeroday.cloud, for reporting this problem."
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T13:00:09.784Z",
"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"shortName": "PostgreSQL"
},
"references": [
{
"url": "https://www.postgresql.org/support/security/CVE-2026-2005/"
}
],
"title": "PostgreSQL pgcrypto heap buffer overflow executes arbitrary code"
}
},
"cveMetadata": {
"assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"assignerShortName": "PostgreSQL",
"cveId": "CVE-2026-2005",
"datePublished": "2026-02-12T13:00:09.784Z",
"dateReserved": "2026-02-05T18:17:55.613Z",
"dateUpdated": "2026-02-26T14:44:21.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-2005",
"date": "2026-05-29",
"epss": "0.00039",
"percentile": "0.12241"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-2005\",\"sourceIdentifier\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"published\":\"2026-02-12T14:16:02.350\",\"lastModified\":\"2026-02-20T19:54:02.243\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.21\",\"matchCriteriaId\":\"4BCEAB7B-E4FC-4F9F-A1F9-62EA7DD6D6CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0\",\"versionEndExcluding\":\"15.16\",\"matchCriteriaId\":\"4B408DAF-2DCD-45FE-94EE-BC84947A41C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndExcluding\":\"16.12\",\"matchCriteriaId\":\"6353A59B-FE67-4DD5-B0E6-C10F0D2358D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0\",\"versionEndExcluding\":\"17.8\",\"matchCriteriaId\":\"E2CCF450-C726-403A-975F-B5717E92A769\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.0\",\"versionEndExcluding\":\"18.2\",\"matchCriteriaId\":\"6B872502-5316-4E79-8FA1-24E5D8222C39\"}]}]}],\"references\":[{\"url\":\"https://www.postgresql.org/support/security/CVE-2026-2005/\",\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-2005\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-13T04:56:32.671453Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-12T14:31:55.897Z\"}}], \"cna\": {\"title\": \"PostgreSQL pgcrypto heap buffer overflow executes arbitrary code\", \"credits\": [{\"lang\": \"en\", \"value\": \"The PostgreSQL project thanks Team Xint Code, as part of zeroday.cloud, for reporting this problem.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\"}}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"PostgreSQL\", \"versions\": [{\"status\": \"affected\", \"version\": \"18\", \"lessThan\": \"18.2\", \"versionType\": \"rpm\"}, {\"status\": \"affected\", \"version\": \"17\", \"lessThan\": \"17.8\", \"versionType\": \"rpm\"}, {\"status\": \"affected\", \"version\": \"16\", \"lessThan\": \"16.12\", \"versionType\": \"rpm\"}, {\"status\": \"affected\", \"version\": \"15\", \"lessThan\": \"15.16\", \"versionType\": \"rpm\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"14.21\", \"versionType\": \"rpm\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.postgresql.org/support/security/CVE-2026-2005/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"Heap-based Buffer Overflow\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"attacker has permission to install pgcrypto or pass arbitrary ciphertext to an already-installed pgcrypto\"}], \"providerMetadata\": {\"orgId\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\", \"shortName\": \"PostgreSQL\", \"dateUpdated\": \"2026-02-12T13:00:09.784Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-2005\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T14:44:21.494Z\", \"dateReserved\": \"2026-02-05T18:17:55.613Z\", \"assignerOrgId\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\", \"datePublished\": \"2026-02-12T13:00:09.784Z\", \"assignerShortName\": \"PostgreSQL\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
alsa-2026:19009
Vulnerability from osv_almalinux
Published
2026-05-19 00:00
Modified
2026-05-26 12:34
Summary
Important: postgresql18 security update
Details
PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package.
Security Fix(es):
- postgresql: PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory (CVE-2026-2007)
- postgresql: PostgreSQL oidvector discloses a few bytes of memory (CVE-2026-2003)
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql18"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.3-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql18-contrib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.3-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql18-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.3-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql18-plperl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.3-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql18-plpython3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.3-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql18-private-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.3-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql18-private-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.3-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql18-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.3-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql18-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.3-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql18-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.3-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql18-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.3-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql18-test-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.3-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql18-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.3-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql18-upgrade-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "18.3-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you\u0027ll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package. \n\nSecurity Fix(es): \n\n * postgresql: PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory (CVE-2026-2007)\n * postgresql: PostgreSQL oidvector discloses a few bytes of memory (CVE-2026-2003)\n * postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n * postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n * postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:19009",
"modified": "2026-05-26T12:34:12Z",
"published": "2026-05-19T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:19009"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2003"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2006"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2007"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439320"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439322"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439325"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439326"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2026-19009.html"
}
],
"related": [
"CVE-2026-2007",
"CVE-2026-2003",
"CVE-2026-2006",
"CVE-2026-2004",
"CVE-2026-2005"
],
"summary": "Important: postgresql18 security update"
}
alsa-2026:19010
Vulnerability from osv_almalinux
Published
2026-05-19 00:00
Modified
2026-05-26 12:34
Summary
Important: postgresql16 security update
Details
PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package.
Security Fix(es):
- postgresql: PostgreSQL oidvector discloses a few bytes of memory (CVE-2026-2003)
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-contrib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-plperl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-plpython3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-pltcl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-private-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-private-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-test-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-upgrade-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you\u0027ll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package. \n\nSecurity Fix(es): \n\n * postgresql: PostgreSQL oidvector discloses a few bytes of memory (CVE-2026-2003)\n * postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n * postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n * postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:19010",
"modified": "2026-05-26T12:34:17Z",
"published": "2026-05-19T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:19010"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2003"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439322"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439325"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439326"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2026-19010.html"
}
],
"related": [
"CVE-2026-2003",
"CVE-2026-2006",
"CVE-2026-2004",
"CVE-2026-2005"
],
"summary": "Important: postgresql16 security update"
}
alsa-2026:3730
Vulnerability from osv_almalinux
Published
2026-03-04 00:00
Modified
2026-03-11 10:01
Summary
Important: postgresql security update
Details
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-contrib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-plperl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-plpython3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-pltcl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-private-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-private-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-test-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-upgrade-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.el9_7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PostgreSQL is an advanced object-relational database management system (DBMS). \n\nSecurity Fix(es): \n\n * postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n * postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n * postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:3730",
"modified": "2026-03-11T10:01:08Z",
"published": "2026-03-04T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:3730"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439325"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439326"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2026-3730.html"
}
],
"related": [
"CVE-2026-2006",
"CVE-2026-2004",
"CVE-2026-2005"
],
"summary": "Important: postgresql security update"
}
alsa-2026:3887
Vulnerability from osv_almalinux
Published
2026-03-05 00:00
Modified
2026-03-06 13:21
Summary
Important: postgresql16 security update
Details
PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package.
Security Fix(es):
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "postgresql-test-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.el10_1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you\u0027ll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package. \n\nSecurity Fix(es): \n\n * postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n * postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n * postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:3887",
"modified": "2026-03-06T13:21:48Z",
"published": "2026-03-05T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:3887"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439325"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439326"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2026-3887.html"
}
],
"related": [
"CVE-2026-2006",
"CVE-2026-2004",
"CVE-2026-2005"
],
"summary": "Important: postgresql16 security update"
}
alsa-2026:3896
Vulnerability from osv_almalinux
Published
2026-03-05 00:00
Modified
2026-03-10 19:52
Summary
Important: postgresql:15 security update
Details
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "pg_repack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.8-2.module_el9.5.0+119+18833d03"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "pgaudit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.0-1.module_el9.3.0+52+21733919"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgres-decoderbufs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.7-1.Final.module_el9.3.0+52+21733919"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-contrib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-plperl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-plpython3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-pltcl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-private-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-private-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-test-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-upgrade-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el9.7.0+214+91f631df"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PostgreSQL is an advanced object-relational database management system (DBMS). \n\nSecurity Fix(es): \n\n * postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n * postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n * postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:3896",
"modified": "2026-03-10T19:52:06Z",
"published": "2026-03-05T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:3896"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439325"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439326"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2026-3896.html"
}
],
"related": [
"CVE-2026-2006",
"CVE-2026-2004",
"CVE-2026-2005"
],
"summary": "Important: postgresql:15 security update"
}
alsa-2026:4024
Vulnerability from osv_almalinux
Published
2026-03-09 00:00
Modified
2026-03-11 09:52
Summary
Important: postgresql:13 security update
Details
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pg_repack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.6-3.module_el8.6.0+2760+1746ec94"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pg_repack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.6-3.module_el8.6.0+3095+ee60d910"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pgaudit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.0-1.module_el8.6.0+2760+1746ec94"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pgaudit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.0-1.module_el8.6.0+3095+ee60d910"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgres-decoderbufs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.0-2.module_el8.6.0+2760+1746ec94"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgres-decoderbufs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.0-2.module_el8.6.0+3095+ee60d910"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-contrib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-plperl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-plpython3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-pltcl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-test-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-upgrade-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.23-2.module_el8.10.0+4124+c9cb0592"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PostgreSQL is an advanced object-relational database management system (DBMS). \n\nSecurity Fix(es): \n\n * postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n * postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n * postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:4024",
"modified": "2026-03-11T09:52:09Z",
"published": "2026-03-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:4024"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439325"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439326"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-4024.html"
}
],
"related": [
"CVE-2026-2006",
"CVE-2026-2004",
"CVE-2026-2005"
],
"summary": "Important: postgresql:13 security update"
}
alsa-2026:4059
Vulnerability from osv_almalinux
Published
2026-03-09 00:00
Modified
2026-03-11 09:49
Summary
Important: postgresql:15 security update
Details
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pg_repack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.8-1.module_el8.9.0+3706+885c732e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pgaudit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.0-1.module_el8.9.0+3706+885c732e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgres-decoderbufs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.7-1.Final.module_el8.9.0+3706+885c732e"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-contrib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-plperl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-plpython3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-pltcl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-private-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-private-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-test-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-upgrade-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.17-1.module_el8.10.0+4127+dc6e3c5c"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PostgreSQL is an advanced object-relational database management system (DBMS). \n\nSecurity Fix(es): \n\n * postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n * postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n * postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:4059",
"modified": "2026-03-11T09:49:31Z",
"published": "2026-03-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:4059"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439325"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439326"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-4059.html"
}
],
"related": [
"CVE-2026-2006",
"CVE-2026-2004",
"CVE-2026-2005"
],
"summary": "Important: postgresql:15 security update"
}
alsa-2026:4063
Vulnerability from osv_almalinux
Published
2026-03-09 00:00
Modified
2026-03-11 09:46
Summary
Important: postgresql:16 security update
Details
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pg_repack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1-1.module_el8.10.0+3930+ecf33554"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pg_repack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pgaudit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.0-1.module_el8.10.0+3798+606ebb9f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgres-decoderbufs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.0-1.Final.module_el8.10.0+3798+606ebb9f"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-contrib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-plperl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-plpython3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-pltcl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-private-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-private-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-test-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-upgrade-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el8.10.0+4125+ceaf7d1b"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PostgreSQL is an advanced object-relational database management system (DBMS). \n\nSecurity Fix(es): \n\n * postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n * postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n * postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:4063",
"modified": "2026-03-11T09:46:43Z",
"published": "2026-03-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:4063"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439325"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439326"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-4063.html"
}
],
"related": [
"CVE-2026-2006",
"CVE-2026-2004",
"CVE-2026-2005"
],
"summary": "Important: postgresql:16 security update"
}
alsa-2026:4064
Vulnerability from osv_almalinux
Published
2026-03-09 00:00
Modified
2026-03-11 09:29
Summary
Important: postgresql:12 security update
Details
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pg_repack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.6-3.module_el8.9.0+3704+f1f917ce"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pgaudit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.0-7.module_el8.9.0+3740+0e74851f.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pgaudit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.0-7.module_el8.10.0+3889+48cb11fb.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgres-decoderbufs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.0-2.module_el8.9.0+3704+f1f917ce"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-contrib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-plperl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-plpython3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-pltcl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-test-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "postgresql-upgrade-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "12.22-6.module_el8.10.0+4123+1638d348"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PostgreSQL is an advanced object-relational database management system (DBMS). \n\nSecurity Fix(es): \n\n * postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n * postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n * postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:4064",
"modified": "2026-03-11T09:29:57Z",
"published": "2026-03-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:4064"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439325"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439326"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-4064.html"
}
],
"related": [
"CVE-2026-2006",
"CVE-2026-2004",
"CVE-2026-2005"
],
"summary": "Important: postgresql:12 security update"
}
alsa-2026:4110
Vulnerability from osv_almalinux
Published
2026-03-09 00:00
Modified
2026-03-10 19:55
Summary
Important: postgresql:16 security update
Details
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
- postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
- postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
- postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "pg_repack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.1-1.module_el9.6.0+146+c54fdeca"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "pgaudit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.0-1.module_el9.4.0+66+eb9878bc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "pgvector"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6.2-2.module_el9.6.0+167+4e561146"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.3-3.module_el9.7.0+187+2286ff0a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgis-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.3-3.module_el9.7.0+187+2286ff0a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgis-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.3-3.module_el9.7.0+187+2286ff0a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgis-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.3-3.module_el9.7.0+187+2286ff0a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgis-utils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.3-3.module_el9.7.0+187+2286ff0a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgres-decoderbufs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.0-1.Final.module_el9.4.0+66+eb9878bc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-contrib"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-plperl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-plpython3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-pltcl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-private-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-private-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-server-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-static"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-test-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-upgrade"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "postgresql-upgrade-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "16.13-1.module_el9.7.0+213+65e1da69"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "PostgreSQL is an advanced object-relational database management system (DBMS). \n\nSecurity Fix(es): \n\n * postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n * postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n * postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:4110",
"modified": "2026-03-10T19:55:53Z",
"published": "2026-03-09T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:4110"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2003"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2004"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2005"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-2006"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439324"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439325"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2439326"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2026-4110.html"
}
],
"related": [
"CVE-2026-2006",
"CVE-2026-2004",
"CVE-2026-2005"
],
"summary": "Important: postgresql:16 security update"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…