HIGH · CVE-2026-2005 · Published · Modified · CNA PostgreSQL
CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Metrics
- CVSS v3.1: 8.8
- Severity: HIGH
- Fixed in: 14.21
- Affected Products: 1
Fix available
14.21, 15.16, 16.12, 17.8, 18.2
Affected packages
- n/a / PostgreSQL: < 18.2 (from 18) · < 17.8 (from 17) · < 16.12 (from 16) · < 15.16 (from 15) · < 14.21 (from 0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References