CVE-2026-2007 PostgreSQL — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	8.2 (HIGH)
Type	CWE-122 (Heap-based Buffer Overflow (Переполнение буфера в куче))
Vendor	PostgreSQL
Public PoC	No

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Privileges Required

None

Права не нужны

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

None

Нет утечки данных

Integrity

Low

Частичная модификация данных

Availability

High

Полный отказ в обслуживании

CVSS Vector v3.1

Weakness Type (CWE)

CWE-122 Heap-based Buffer Overflow (Переполнение буфера в куче)

References 1

https://www.postgresql.org/support/security/CVE-2026-2007/

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-29089

PostgreSQL

8.8

CVE-2026-27005

PostgreSQL

8.8

CVE-2026-26932

PostgreSQL

5.7

CVE-2025-67305

PostgreSQL

None

CVE-2025-67304

PostgreSQL

None

Menu

CVE-2026-2007

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-29089

CVE-2026-27005

CVE-2026-26932

CVE-2025-67305

CVE-2025-67304

CVE Details

Editor's Choice