Skip to main content

PostgreSQL CVE-2026-2006

HIGH
Improper Validation of Array Index (CWE-129)
2026-02-12 f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
8.8
CVSS 3.1 · Vendor: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
Share

Severity by source

Vendor (f86ef6dc-4d3a-42ad-8f28-e6d5547a5007) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
8.8 HIGH
qualitative

Primary rating from Vendor (f86ef6dc-4d3a-42ad-8f28-e6d5547a5007).

CVSS VectorVendor: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch released
Apr 09, 2026 - 14:30 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 22:02 vuln.today
CVE Published
Feb 12, 2026 - 14:16 nvd
HIGH 8.8

DescriptionCVE.org

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

AnalysisAI

Arbitrary code execution in PostgreSQL results from insufficient validation of multibyte character lengths in text manipulation functions, allowing authenticated database users to trigger buffer overflows and execute commands with database process privileges. Affected versions include PostgreSQL 14.x before 14.21, 15.x before 15.16, 16.x before 16.12, 17.x before 17.8, and all versions before 18.2. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticated database user crafts query
Exploit
Exploit multibyte character length validation gap
Execution
Trigger buffer overrun in text manipulation
Impact
Execute arbitrary code as database OS user

Vulnerability AssessmentAI

Exploitation Authenticated database user account required. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 8.8 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker could exploit this vulnerability to compromise the affected system.
Remediation Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all PostgreSQL deployments and versions; disable direct database access for non-essential users and applications pending remediation. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-1094 HIGH POC
8.1 Feb 13

PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() improperl

CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2026-20253 CRITICAL POC
9.8 Jun 10

Unauthenticated arbitrary file write in Splunk Enterprise (below 10.2.4 and 10.0.7) and Splunk Cloud Platform (below 10.

CVE-2024-10553 CRITICAL POC
9.8 Mar 20

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitra

CVE-2026-40887 CRITICAL POC
9.1 Apr 14

## Summary An unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query strin

CVE-2025-56157 CRITICAL POC
9.8 Dec 18

Hard-coded default PostgreSQL credentials shipped in the docker-compose.yaml of langgenius Dify through version 1.5.1 al

CVE-2024-12909 CRITICAL POC
9.8 Mar 20

A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for

CVE-2026-30860 CRITICAL POC
9.9 Mar 07

SQL injection in WeKnora LLM document understanding framework allows authenticated users to extract arbitrary database c

CVE-2021-47748 CRITICAL POC
9.8 Jan 21

Hasura GraphQL 1.3.3 has a remote code execution vulnerability allowing attackers to execute arbitrary shell commands th

CVE-2026-27005 CRITICAL POC
9.8 Mar 06

SQL injection in Chartbrew before 4.8.3. PoC available.

CVE-2025-53005 CRITICAL POC
9.8 Jul 01

A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.

CVE-2025-53006 CRITICAL POC
9.8 Jul 02

A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.

Vendor StatusVendor

SUSE

Severity: High
Product Status
Container suse/manager/5.0/x86_64/server-migration-14-16:latest Affected
Container suse/manager/5.0/x86_64/server:latest Affected
Container suse/sl-micro/6.0/baremetal-os-container:latest Affected
Container suse/sl-micro/6.0/base-os-container:latest Container suse/sl-micro/6.1/base-os-container:2.2.1-5.40 Affected
Container suse/sl-micro/6.0/toolbox:latest Affected

Share

CVE-2026-2006 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy