CVE-2026-2006

Medienbericht

EPSS 0.04%
Veröffentlicht 12.02.2026 13:00:10
Zuletzt bearbeitet 20.02.2026 19:54:12
Quelle f86ef6dc-4d3a-42ad-8f28-e6d554
CVE-Watchlists
Login
Unerledigt
Login

PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun.  That suffices to execute arbitrary code as the operating system user running the database.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 5 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Postgresql ≫ Postgresql Version >= 14.0 < 14.21

Postgresql ≫ Postgresql Version >= 15.0 < 15.16

Postgresql ≫ Postgresql Version >= 16.0 < 16.12

Postgresql ≫ Postgresql Version >= 17.0 < 17.8

Postgresql ≫ Postgresql Version >= 18.0 < 18.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.116

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://thehackernews.com/2026/05/weekly-recap-linux-rootkit-macos-crypto.html

Media Report

https://www.postgresql.org/support/security/CVE-2026-2006/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-2006

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-2006

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-2006

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-2006