CVE-2026-3172 Buffer — Exploit & Vulnerability Details HIGH

CVE-2026-3172

HIGH CVSS 3.1: 8.1 EPSS 0.06%

Parameter	Value
CVSS	8.1 (HIGH)
Type	CWE-191 (Integer Underflow), CWE-787 (Out-of-bounds Write)
Vendor	Buffer
Public PoC	No

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

None

No data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-191 Integer Underflow

CWE-787 Out-of-bounds Write

References 1

https://github.com/pgvector/pgvector/issues/959

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Share Post Share Share Share

Related Vulnerabilities

CVE-2025-25526

Buffer

5.1

CVE-1999-0319

Buffer

None

Menu

CVE-2026-3172

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2025-25526

CVE-1999-0319

CVE Details

Editor's Choice

Menu

CVE-2026-3172

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2025-25526

CVE-1999-0319

CVE Details

Editor's Choice

Stay informed on cybersecurity