Home / Vulnerability Intelligence / CVE-2026-3172

CVE-2026-3172 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: February 27, 2026

pgvector - Buffer Overflow

Published: February 25, 2026Updated: February 27, 2026Remote Exploitable

Overview

pgvector 0.6.0 through 0.8.1 contains a buffer overflow in parallel HNSW index build, letting database users leak sensitive data or crash the database server, exploit requires database user privileges.

Severity & Score

Severity: High

CVSS Score: 8.1

EPSS Score: 4.2%(Probability of exploitation in next 30 days)

Impact

Database users can leak sensitive data or crash the database server, causing denial of service or information disclosure.

Mitigation

Update to a version later than 0.8.1 or the latest available version.

References

https://github.com/pgvector/pgvector/issues/959

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 26, 2026

🟠 CVE-2026-3172 - High (8.1) Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-3172/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-3172
Severity: High
CVSS Score: 8.1
Type: buffer_overflow
Status: unconfirmed
EPSS: 4.2%
Social Posts: 1

CWE

CWE-191

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Score

4.2%Probability of exploitation in the next 30 days