CVE-2026-2005

Summary

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Affected Software

VendorProductVersion RangeStatus
n/aPostgreSQL18 < 18.2affected
n/aPostgreSQL17 < 17.8affected
n/aPostgreSQL16 < 16.12affected
n/aPostgreSQL15 < 15.16affected
n/aPostgreSQL0 < 14.21affected

Weaknesses

  • CWE-122: Heap-based Buffer Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code

Additional References

References