Security Advisory

CVE-2026-2006

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-12 13:00:10

Last updated 2026-02-26 14:44:21

Assigner PostgreSQL

State PUBLISHED

Description

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

← Browse all CVEs View on cve.org ↗