CVE-2026-2007

EUVD-2026-7042
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string.  The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation.  PostgreSQL 18.1 and 18.0 are affected.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
| --- | --- | --- | --- | --- | --- | --- |
| NIST | Primary | 8.2 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H |
EPSS Score percentile: 6%
Affected Products (NVD)

| Vendor | Product | Version |
| --- | --- | --- |
| postgresql | postgresql | 18.0 ≤ x < 18.2 |

x = Vulnerable software versions
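Debian Releases

| Debian Product | Codename | Version | Status |
| --- | --- | --- | --- |
| postgresql-13 | bullseye | 13.16-0+deb11u1 | fixed |
| postgresql-13 | bullseye (security) | 13.23-0+deb11u3 | fixed |
| postgresql-15 | bookworm | 15.17-0+deb12u1 | fixed |
| postgresql-15 | bookworm (security) | 15.18-0+deb12u1 | fixed |
| postgresql-17 | trixie | 17.9-0+deb13u1 | fixed |
| postgresql-17 | trixie (security) | 17.10-0+deb13u1 | fixed |
| postgresql-18 | forky | 18.3-1 | fixed |
| postgresql-18 | sid | 18.4-1 | fixed |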
openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
| --- | --- | --- | --- |
| libecpg6 | suse enterprise sap 15 SP7 | 18.3-150600.13.8.1 | fixed |
| libecpg6 | suse enterprise server 12 SP5 | 18.2-8.6.1 | fixed |
| libecpg6 | suse enterprise server 15 SP4 | 18.2-150200.5.6.1 | fixed |
| libecpg6 | suse enterprise server 15 SP5 | 18.2-150200.5.6.1 | fixed |
| libecpg6 | suse enterprise server 15 SP6 | 18.3-150600.13.8.1 | fixed |
| libecpg6 | suse enterprise server 15 SP7 | 18.3-150600.13.8.1 | fixed |
| libecpg6-32bit | suse enterprise server 12 SP5 | 18.2-8.6.1 | fixed |
| libpq5 | suse enterprise desktop 15 SP7 | 18.3-150600.13.8.1 | fixed |
| libpq5 | suse enterprise sap 15 SP7 | 18.3-150600.13.8.1 | fixed |
| libpq5 | suse enterprise server 12 SP5 | 18.2-8.6.1 | fixed |
| libpq5 | suse enterprise server 15 SP4 | 18.2-150200.5.6.1 | fixed |
| libpq5 | suse enterprise server 15 SP5 | 18.2-150200.5.6.1 | fixed |
| libpq5 | suse enterprise server 15 SP6 | 18.3-150600.13.8.1 | fixed |
| libpq5 | suse enterprise server 15 SP7 | 18.3-150600.13.8.1 | fixed |
| libpq5-32bit | suse enterprise desktop 15 SP7 | 18.3-150600.13.8.1 | fixed |
| libpq5-32bit | suse enterprise sap 15 SP7 | 18.3-150600.13.8.1 | fixed |
| libpq5-32bit | suse enterprise server 12 SP5 | 18.2-8.6.1 | fixed |
| libpq5-32bit | suse enterprise server 15 SP4 | 18.2-150200.5.6.1 | fixed |
| libpq5-32bit | suse enterprise server 15 SP5 | 18.2-150200.5.6.1 | fixed |
| libpq5-32bit | suse enterprise server 15 SP6 | 18.3-150600.13.8.1 | fixed |
| libpq5-32bit | suse enterprise server 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18 | suse enterprise desktop 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18 | suse enterprise sap 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18 | suse enterprise server 15 SP6 | 18.3-150600.13.8.1 | fixed |
| postgresql18 | suse enterprise server 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18-contrib | suse enterprise sap 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18-contrib | suse enterprise server 15 SP6 | 18.3-150600.13.8.1 | fixed |
| postgresql18-contrib | suse enterprise server 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18-devel | suse enterprise sap 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18-devel | suse enterprise server 15 SP6 | 18.3-150600.13.8.1 | fixed |
| postgresql18-devel | suse enterprise server 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18-docs | suse enterprise sap 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18-docs | suse enterprise server 15 SP6 | 18.3-150600.13.8.1 | fixed |
| postgresql18-docs | suse enterprise server 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18-plperl | suse enterprise sap 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18-plperl | suse enterprise server 15 SP6 | 18.3-150600.13.8.1 | fixed |
| postgresql18-plperl | suse enterprise server 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18-plpython | suse enterprise sap 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18-plpython | suse enterprise server 15 SP6 | 18.3-150600.13.8.1 | fixed |
| postgresql18-plpython | suse enterprise server 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18-pltcl | suse enterprise sap 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18-pltcl | suse enterprise server 15 SP6 | 18.3-150600.13.8.1 | fixed |
| postgresql18-pltcl | suse enterprise server 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18-server | suse enterprise sap 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18-server | suse enterprise server 15 SP6 | 18.3-150600.13.8.1 | fixed |
| postgresql18-server | suse enterprise server 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18-server-devel | suse enterprise sap 15 SP7 | 18.3-150600.13.8.1 | fixed |
| postgresql18-server-devel | suse enterprise server 15 SP6 | 18.3-150600.13.8.1 | fixed |
| postgresql18-server-devel | suse enterprise server 15 SP7 | 18.3-150600.13.8.1 | fixed |