CVE-2026-4427

ADVISORY - github

Summary

A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service (DoS) due to a slice bounds out of range panic.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-129⁠

Improper Validation of Array Index

ADVISORY - github

CWE-129⁠

Improper Validation of Array Index

ADVISORY - redhat

CWE-129⁠

Improper Validation of Array Index

Impacted images

Advisories

NIST

CREATED

16 hours ago

UPDATED

16 hours ago

ADVISORY IDCVE-2026-4427⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high

GitHub

CREATED

16 hours ago

UPDATED

12 hours ago

ADVISORY IDGHSA-x6gf-mpr2-68h6⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high

Debian

CREATED

8 hours ago

UPDATED

3 hours ago

ADVISORY IDCVE-2026-4427⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Red Hat

CREATED

2 days ago

UPDATED

5 hours ago

ADVISORY IDCVE-2026-4427⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

7.5high