CVE-2026-2004

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.2 PostgreSQL versions prior to 17.8 PostgreSQL versions prior to 16.12 PostgreSQL versions prior to 15.16 PostgreSQL versions prior to 14.21

Description A lack of input type validation within the selectivity estimator function of the PostgreSQL intarray extension can allow an attacker to execute arbitrary code as the operating system user running the database. The issue resides in the intarray extension.

Recommendations Update to PostgreSQL version 18.2 or later. Update to PostgreSQL version 17.8 or later. Update to PostgreSQL version 16.12 or later. Update to PostgreSQL version 15.16 or later. Update to PostgreSQL version 14.21 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1287

Related Identifiers

ALSA-2026:19009

ALSA-2026:19010

ALSA-2026:3730

ALSA-2026:3887

ALSA-2026:3896

ALSA-2026:4024

ALSA-2026:4059

ALSA-2026:4063

ALSA-2026:4064

ALSA-2026:4110

AZL-77423

AZL-77583

BDU:2026-01727

BIT-POSTGRESQL-2026-2004

CVE-2026-2004

ECHO-8D2D-0CEB-B0F5

JLSEC-2026-54

MGASA-2026-0041

OESA-2026-1493

OESA-2026-1494

OESA-2026-1495

OESA-2026-1496

OESA-2026-1512

OESA-2026-1513

OESA-2026-1514

OESA-2026-1515

OESA-2026-1531

OPENSUSE-SU-2026:10190-1

OPENSUSE-SU-2026:10191-1

OPENSUSE-SU-2026:10192-1

OPENSUSE-SU-2026:10193-1

OPENSUSE-SU-2026:10197-1

OPENSUSE-SU-2026:20265-1

OPENSUSE-SU-2026:20266-1

OPENSUSE-SU-2026:20388-1

OPENSUSE-SU-2026:20408-1

OPENSUSE-SU-2026:20447-1

RHSA-2026:3730

RHSA-2026:3887

RHSA-2026:3896

RHSA-2026:4024

RHSA-2026:4059

RHSA-2026:4063

RHSA-2026:4064

RHSA-2026:4074

RHSA-2026:4075

RHSA-2026:4110

RHSA-2026:4254

RHSA-2026:4441

RHSA-2026:4475

RHSA-2026:4504

RHSA-2026:4505

RHSA-2026:4506

RHSA-2026:4509

RHSA-2026:4515

RHSA-2026:4516

RHSA-2026:4518

RHSA-2026:4524

RHSA-2026:4528

RHSA-2026:4544

RHSA-2026:4546

RHSA-2026:4547

RHSA-2026:4548

RHSA-2026:8756

SUSE-SU-2026:0584-1

SUSE-SU-2026:0585-1

SUSE-SU-2026:0586-1

SUSE-SU-2026:0588-1

SUSE-SU-2026:0614-1

SUSE-SU-2026:0615-1

SUSE-SU-2026:0616-1

SUSE-SU-2026:0768-1

SUSE-SU-2026:0770-1

SUSE-SU-2026:0771-1

SUSE-SU-2026:0786-1

SUSE-SU-2026:0881-1

SUSE-SU-2026:0882-1

SUSE-SU-2026:0883-1

SUSE-SU-2026:20587-1

SUSE-SU-2026:20588-1

SUSE-SU-2026:20906-1

SUSE-SU-2026:20921-1

SUSE-SU-2026:20983-1

USN-8072-1

Affected Products

Linuxmint

Postgresql

Red Os

Rocky Linux

Ubuntu

Intarray

CVE-2026-2004

Weakness Enumeration

Related Identifiers

Affected Products

References · 200