← Back

CVE-2026-2007

nvd nist
Published: Feb 12, 2026Modified: Feb 20, 2026

JSON object

Loading...
8.2
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Exploitability: 3.9 / Impact: 4.2
Source: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 (Secondary)

Description

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.

Affected (1)

Postgresql
1 product
Postgresql
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Postgresql
From 18.0 to 18.2

Related CWEs

CWE-122
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References (1)

Source: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
Vendor Advisory

Timeline

No history available yet.