CVE-2026-2006

ADVISORY - nist

Summary

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

EPSS Score⁠: 0.00075 (0.225)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-129⁠

Improper Validation of Array Index

ADVISORY - redhat

CWE-1285⁠

Improper Validation of Specified Index, Position, or Offset in Input

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.