CVE-2026-3172 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: February 25, 2026
pgvector - Buffer Overflow
Published: February 25, 2026Updated: February 25, 2026Remote Exploitable
Overview
pgvector 0.6.0 through 0.8.1 contains a buffer overflow in parallel HNSW index build, letting database users leak sensitive data or crash the database server, exploit requires database user privileges.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Database users can leak sensitive data or crash the database server, causing denial of service or information disclosure.
Mitigation
Update to a version later than 0.8.1 or the latest available version.
Related Resources
Details
- CVE ID
- CVE-2026-3172
- Severity
- High
- CVSS Score
- 8.1
- Type
- buffer_overflow
- Status
- new
CWE
- CWE-191
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H