CVE-2026-2005
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | PostgreSQL | 18 < 18.2 | affected |
| n/a | PostgreSQL | 17 < 17.8 | affected |
| n/a | PostgreSQL | 16 < 16.12 | affected |
| n/a | PostgreSQL | 15 < 15.16 | affected |
| n/a | PostgreSQL | 0 < 14.21 | affected |
Weaknesses
- CWE-122: Heap-based Buffer Overflow
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
Additional References
- https://access.redhat.com/security/cve/CVE-2026-2005
- https://bugzilla.redhat.com/show_bug.cgi?id=2439326
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2005.json
- https://access.redhat.com/errata/RHSA-2026:4441
- https://access.redhat.com/errata/RHSA-2026:3887
- https://access.redhat.com/errata/RHSA-2026:19010
- https://access.redhat.com/errata/RHSA-2026:19009
- https://access.redhat.com/errata/RHSA-2026:4064
- https://access.redhat.com/errata/RHSA-2026:4024
- https://access.redhat.com/errata/RHSA-2026:4059
- https://access.redhat.com/errata/RHSA-2026:4063
- https://access.redhat.com/errata/RHSA-2026:4506
- https://access.redhat.com/errata/RHSA-2026:4509
- https://access.redhat.com/errata/RHSA-2026:4504
- https://access.redhat.com/errata/RHSA-2026:4505
- https://access.redhat.com/errata/RHSA-2026:4516
- https://access.redhat.com/errata/RHSA-2026:4075
- https://access.redhat.com/errata/RHSA-2026:4074
- https://access.redhat.com/errata/RHSA-2026:4515
- https://access.redhat.com/errata/RHSA-2026:4518
- https://access.redhat.com/errata/RHSA-2026:4254
- https://access.redhat.com/errata/RHSA-2026:4475
- https://access.redhat.com/errata/RHSA-2026:4548
- https://access.redhat.com/errata/RHSA-2026:4544
- https://access.redhat.com/errata/RHSA-2026:4524
- https://access.redhat.com/errata/RHSA-2026:4546
- https://access.redhat.com/errata/RHSA-2026:4547
- https://access.redhat.com/errata/RHSA-2026:4528
- https://access.redhat.com/errata/RHSA-2026:3896
- https://access.redhat.com/errata/RHSA-2026:4110
- https://access.redhat.com/errata/RHSA-2026:3730
- https://access.redhat.com/errata/RHSA-2026:8756
- https://access.redhat.com/errata/RHSA-2026:4943
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.