LeakyCreds

CVE-2026-2005 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: February 12, 2026

PostgreSQL - Buffer Overflow

Published: February 12, 2026 | Updated: February 12, 2026 | Remote Exploitable

Overview

PostgreSQL versions before 18.2, 17.8, 16.12, 15.16, and 14.21 contain a buffer overflow caused by improper heap handling in pgcrypto, which lets a ciphertext provider execute arbitrary code as the OS user running the database. Exploitation requires ciphertext provider privileges.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 5.5% (Probability of exploitation in next 30 days)

Impact

Ciphertext providers can execute arbitrary code as the OS user running the database, potentially leading to full system compromise.

Mitigation

Upgrade to PostgreSQL 18.2, 17.8, 16.12, 15.16, 14.21 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Feb 12, 2026

🟠 CVE-2026-2005 - High (8.8) Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2005/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-2005
Severity: High
CVSS Score: 8.8
Type: buffer_overflow
Status: unconfirmed
EPSS: 5.5%
Social Posts: 1

CWE

  • CWE-122

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

5.5% (Probability of exploitation in the next 30 days)