Donate Telegram

CVE-2026-4427

HIGH CVSS 3.1: 7.5

Mar 19, 2026

Updated Mar 19, 2026

PostgreSQL

Parameter	Value
CVSS	7.5 (HIGH)
Type	CWE-129 (Improper Validation of Array Index)
Vendor	PostgreSQL
Public PoC	No

A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service (DoS) due to a slice bounds out of range panic.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

None

No data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-129 Improper Validation of Array Index

References 6

https://access.redhat.com/security/cve/CVE-2026-4427

secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2448626

secalert@redhat.com

https://github.com/golang/vulndb/issues/4518

secalert@redhat.com

https://github.com/jackc/pgproto3

secalert@redhat.com

https://github.com/jackc/pgx/issues/2507

secalert@redhat.com

https://securityinfinity.com/research/memory-safety-vulnerabilities-in-go-postg…

secalert@redhat.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-32628

Mintplexlabs

CVE-2026-32234

PostgreSQL

CVE-2026-31871

PostgreSQL

CVE-2026-31840

PostgreSQL

CVE-2025-13957

PostgreSQL

CVE Details

CVE ID

CVE-2026-4427

Published Date

Mar 19, 2026

Vendor

PostgreSQL

Severity

HIGH

CVSS v3.1 Score

7.5

High severity. Prioritize patching.

Attack Analysis

Exploitability 3.9/10

How easy to exploit

Impact 3.6/10

Severity of consequences

Impact

Denial of Service

Source

Editor's Choice