CVE-2026-3172

Summary

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.

Affected Software

VendorProductVersion RangeStatus
n/apgvector0.8.0 < 0.8.2affected
n/apgvector0.7.0affected
n/apgvector0.6.0affected

Weaknesses

  • CWE-191: Integer Underflow or Wraparound
  • CWE-787: Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References