CVE-2026-2005
Published: February 15, 2026Last modified: February 18, 2026
Description
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.8 |
| Attack Vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | postgresql15 | Fixed (15.16-r0) |
| 25 LTS | postgresql17 | Fixed (17.8-r0) | |
| Stream | postgresql18 | Fixed (18.2-r1) |
References
- https://access.redhat.com/errata/RHSA-2026:19009
- https://access.redhat.com/errata/RHSA-2026:19010
- https://access.redhat.com/errata/RHSA-2026:3730
- https://access.redhat.com/errata/RHSA-2026:3887
- https://access.redhat.com/errata/RHSA-2026:3896
- https://access.redhat.com/errata/RHSA-2026:4024
- https://access.redhat.com/errata/RHSA-2026:4059
- https://access.redhat.com/errata/RHSA-2026:4063
- https://access.redhat.com/errata/RHSA-2026:4064
- https://access.redhat.com/errata/RHSA-2026:4074
- https://access.redhat.com/errata/RHSA-2026:4075
- https://access.redhat.com/errata/RHSA-2026:4110
- https://access.redhat.com/errata/RHSA-2026:4254
- https://access.redhat.com/errata/RHSA-2026:4441
- https://access.redhat.com/errata/RHSA-2026:4475
- https://access.redhat.com/errata/RHSA-2026:4504
- https://access.redhat.com/errata/RHSA-2026:4505
- https://access.redhat.com/errata/RHSA-2026:4506
- https://access.redhat.com/errata/RHSA-2026:4509
- https://access.redhat.com/errata/RHSA-2026:4515
- https://access.redhat.com/errata/RHSA-2026:4516
- https://access.redhat.com/errata/RHSA-2026:4518
- https://access.redhat.com/errata/RHSA-2026:4524
- https://access.redhat.com/errata/RHSA-2026:4528
- https://access.redhat.com/errata/RHSA-2026:4544
- https://access.redhat.com/errata/RHSA-2026:4546
- https://access.redhat.com/errata/RHSA-2026:4547
- https://access.redhat.com/errata/RHSA-2026:4548
- https://access.redhat.com/errata/RHSA-2026:4943
- https://access.redhat.com/errata/RHSA-2026:8756
- https://access.redhat.com/security/cve/CVE-2026-2005
- https://bugzilla.redhat.com/show_bug.cgi?id=2439326
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2005.json
- https://www.postgresql.org/support/security/CVE-2026-2005/