CVE-2026-2004

ADVISORY - nist

Summary

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

EPSS Score⁠: 0.00115 (0.301)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-1287⁠

Improper Validation of Specified Type of Input

ADVISORY - redhat

CWE-1287⁠

Improper Validation of Specified Type of Input

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.