CVE-2026-3172

Published: Feb 25, 2026Modified: Feb 27, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Exploitability: 2.8 / Impact: 5.2

Source: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 (Secondary)

Description

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.

Related CWEs

CWE-191

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (1)

https://github.com/pgvector/pgvector/issues/959

Source: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Timeline

No history available yet.