HIGH🇬🇧 English

CVE-2026-2004

CVSS 8.8v3.1pub. 2026-02-12upd. 2026-06-30

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • PostgreSQL

    APP
    Postgresql
    14.0 – 14.21 (bez)15.0 – 15.16 (bez)16.0 – 16.12 (bez)17.0 – 17.8 (bez)18.0 – 18.2 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2015-0244CRITICAL9.8ten sam produkt

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1...

CVE-2015-3166CRITICAL9.8ten sam produkt

The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x befor...

CVE-2019-10211CRITICAL9.8ten sam produkt

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via bundled Ope...

CVE-2018-16850CRITICAL9.8ten sam produkt

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE...

CVE-2018-1115CRITICAL9.1ten sam produkt

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog.pg_logfile_rot...

CVE-2026-2004 — HIGH 8.8 | CVEbaza.pl