LeakyCreds

CVE-2026-2007 - Vulnerability Analysis

High | CVSS: 8.2

Last Updated: February 12, 2026

PostgreSQL - Buffer Overflow

Published: February 12, 2026 | Updated: February 12, 2026 | Remote Exploitable

Overview

PostgreSQL 18.0 and 18.1 contain a heap buffer overflow in pg_trgm that is triggered by a crafted input string and lets database users potentially escalate privileges. Exploitation requires database user access.

Severity & Score

Severity: High
CVSS Score: 8.2
EPSS Score: 4.0% (Probability of exploitation in next 30 days)

Impact

Database users can exploit the heap buffer overflow to potentially escalate privileges or cause other unknown impacts.

Mitigation

Update to the latest PostgreSQL version beyond 18.1.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Feb 12, 2026

🟠 CVE-2026-2007 - High (8.2) Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks tha... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-2007/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Details

CVE ID: CVE-2026-2007
Severity: High
CVSS Score: 8.2
Type: buffer_overflow
Status: unconfirmed
EPSS: 4.0%
Social Posts: 1

CWE

  • CWE-122

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

EPSS Score

4.0% (Probability of exploitation in the next 30 days)