Home / Vulnerability Intelligence / CVE-2026-2006

CVE-2026-2006 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: February 12, 2026

PostgreSQL - Buffer Overflow

Published: February 12, 2026Updated: February 12, 2026Remote Exploitable

Overview

PostgreSQL < 18.2, 17.8, 16.12, 15.16, and 14.21 contains a buffer overflow caused by missing validation of multibyte character length in text manipulation, letting database users execute arbitrary code as the OS user, exploit requires database user privileges.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 6.4%(Probability of exploitation in next 30 days)

Impact

Database users can execute arbitrary code as the operating system user running the database, leading to full system compromise.

Mitigation

Upgrade to PostgreSQL 18.2, 17.8, 16.12, 15.16, 14.21 or later.

References

https://www.postgresql.org/support/security/CVE-2026-2006/

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 12, 2026

🟠 CVE-2026-2006 - High (8.8) Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the datab... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2006/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-2006
Severity: High
CVSS Score: 8.8
Type: buffer_overflow
Status: unconfirmed
EPSS: 6.4%
Social Posts: 1

CWE

CWE-129

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

6.4%Probability of exploitation in the next 30 days