CVE-2026-2006

HIGH

RHSA-2026:4544 Red Hat Security Advisory: postgresql:16 security update

Details

CVSS v3: 8.8
NVD published: 2026-02-12 14:16:02
EPSS: <0.1% probability · 22.4th percentile — 2026-03-12
Affected versions: cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
Summary: Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Remediation: Not available in our cache.
Exploit info: Not available in our cache.

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.

Subscribe — free email digest or paid plan

Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.