Description

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

PUBLISHED Reserved 2026-02-05 | Published 2026-02-12 | Updated 2026-02-13 | Assigner PostgreSQL




HIGH: 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Heap-based Buffer Overflow

Credits

The PostgreSQL project thanks Team Xint Code, as part of zeroday.cloud, for reporting this problem.

References

www.postgresql.org/support/security/CVE-2026-2005/

cve.org (CVE-2026-2005)

nvd.nist.gov (CVE-2026-2005)
