Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (Go).
CVSS VectorVendor: Go
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Memory-safety vulnerability in github.com/jackc/pgx/v5.
AnalysisAI
Memory-safety vulnerability in github.com/jackc/pgx/v5 PostgreSQL driver library allows unauthenticated remote attackers to achieve complete system compromise with high confidentiality, integrity, and availability impact. The vulnerability resides in the pgproto3 subpackage and enables network-accessible exploitation without user interaction. Attack complexity is low, requiring no special privileges. Information disclosure confirmed via source tagging. No public exploit identified at time of analysis.
Technical ContextAI
Memory-safety flaw in pgproto3 protocol implementation component of pgx v5 PostgreSQL driver. Root cause mechanism involves unsafe memory operations during protocol message handling. Network-reachable attack vector (AV:N) with low complexity suggests exploitable condition in packet parsing or buffer management routines.
RemediationAI
Upstream fix available via Go vulnerability database (https://pkg.go.dev/vuln/GO-2026-4772); released patched version not independently confirmed at time of analysis. Consult official Go advisory for exact fixed version and update github.com/jackc/pgx/v5 dependency immediately using 'go get -u' or module version pinning. If patched release unavailable, temporarily remove pgx v5 dependency or isolate affected services from untrusted networks until vendor confirmation. Monitor https://nvd.nist.gov/vuln/detail/CVE-2026-33816 for patch release announcements. EPSS score indicates low observed exploitation activity currently.
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allVendor StatusVendor
SUSE
Severity: Critical| Product | Status |
|---|---|
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 16.1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Fixed |
| SUSE Manager Client Tools 15 | Fixed |
| SUSE Manager Client Tools for SLE 15 | Fixed |
| SUSE Multi-Linux Manager Client Tools for SLE 15 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Basesystem 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Manager Proxy 4.3 | Fixed |
| SUSE Manager Proxy LTS 4.3 | Fixed |
| SUSE Manager Retail Branch Server 4.3 | Fixed |
| SUSE Manager Retail Branch Server LTS 4.3 | Fixed |
| SUSE Manager Server 4.3 | Fixed |
| SUSE Manager Server LTS 4.3 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
| openSUSE Leap 15.5 | Fixed |
| SUSE Multi Linux Manager Tools SLE-15 | Fixed |
| suse/cosign | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19709
GHSA-9jj7-4m8r-rfcm