CVE-2026-2004
published 2026-02-12CVE-2026-2004: Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the…
PriorityP262high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.78%
51.5th percentile
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | postgresql-13 | < postgresql-13 13.23-0+deb11u2 (bullseye) | postgresql-13 13.23-0+deb11u2 (bullseye) |
| debian | postgresql-15 | < postgresql-13 13.23-0+deb11u2 (bullseye) | postgresql-13 13.23-0+deb11u2 (bullseye) |
| debian | postgresql-17 | < postgresql-13 13.23-0+deb11u2 (bullseye) | postgresql-13 13.23-0+deb11u2 (bullseye) |
| debian | postgresql-18 | < postgresql-13 13.23-0+deb11u2 (bullseye) | postgresql-13 13.23-0+deb11u2 (bullseye) |
| postgresql | postgresql | < 14.21 | 14.21 |
| postgresql | postgresql | >= 14.0 < 14.21 | 14.21 |
| postgresql | postgresql | >= 15 < 15.16 | 15.16 |
| postgresql | postgresql | >= 15.0 < 15.16 | 15.16 |
| postgresql | postgresql | >= 16 < 16.12 | 16.12 |
| postgresql | postgresql | >= 16.0 < 16.12 | 16.12 |
| postgresql | postgresql | >= 17 < 17.8 | 17.8 |
| postgresql | postgresql | >= 17.0 < 17.8 | 17.8 |
| postgresql | postgresql | >= 18 < 18.2 | 18.2 |
| postgresql | postgresql | >= 18.0 < 18.2 | 18.2 |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability exists in the PostgreSQL intarray extension's selectivity estimator function — monitor for unexpected object creation (e.g., CREATE FUNCTION, CREATE OPERATOR CLASS) by non-superuser roles that interact with intarray operators, as exploitation requires an 'object creator' role. ↗
- →Audit PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16, and 14.21 for the presence of the intarray extension and restrict CREATE privilege to trusted users until patched. ↗
- ·No public exploit exists for this CVE as of the time of source publication; exploitation probability (EPSS) is relatively low at 14.8 percentile. ↗
- ·Debian 11 and Red Hat 6/7 have no fix available; environments running these distributions remain exposed. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
PostgreSQL up to 18.1 intarray Extension improper validation of specified type of input (Nessus ID 298886 / WID-SEC-2026-0409)
vuldb·2026-07-01·CVSS 8.8
CVE-2026-2004 [HIGH] PostgreSQL up to 18.1 intarray Extension improper validation of specified type of input (Nessus ID 298886 / WID-SEC-2026-0409)
A vulnerability described as critical has been identified in PostgreSQL up to 14.20/15.15/16.11/17.7/18.1. The impacted element is an unknown function of the component intarray Extension. Such manipulation leads to improper validation of specified type of input.
This vulnerability is referenced as CVE-2026-2004. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is recommended.
OSV
postgresql-14, postgresql-16, postgresql-17 vulnerabilities
osv·2026-03-04·CVSS 4.3
CVE-2026-2003 [MEDIUM] postgresql-14, postgresql-16, postgresql-17 vulnerabilities
postgresql-14, postgresql-16, postgresql-17 vulnerabilities
Altan Birler discovered that PostgreSQL incorrectly validated oidvector
types. An attacker could possibly use this issue to obtain a few bytes of
sensitive information. (CVE-2026-2003)
Daniel Firer discovered that PostgreSQL incorrectly validated input in the
intarray extension. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2026-2004)
It was dicovered that PosgreSQL incorrectly handled certain pgcrypto memory
operations. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2026-2005)
Paul Gerste and Moritz Sanft discovered that PostgreSQL incorrectly
validated multibyte character lengths. An attacker could possibly use this
issue to execute arbitrary code. (CVE-2026-2006)
GHSA
GHSA-qw3h-8vxv-jf6c: Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code
ghsa_unreviewed·2026-02-12
CVE-2026-2004 [HIGH] CWE-1287 GHSA-qw3h-8vxv-jf6c: Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
OSV
CVE-2026-2004: Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code
osv·2026-02-12·CVSS 8.8
CVE-2026-2004 [HIGH] CVE-2026-2004: Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Red Hat
libredwg: GNU LibreDWG: Denial of Service via out-of-bounds read in Dwgbmp Utility
vendor_redhat·2026-05-26·CVSS 1.9
CVE-2026-9530 [LOW] CWE-125 libredwg: GNU LibreDWG: Denial of Service via out-of-bounds read in Dwgbmp Utility
libredwg: GNU LibreDWG: Denial of Service via out-of-bounds read in Dwgbmp Utility
A flaw was found in GNU LibreDWG, specifically within the Dwgbmp Utility component. A local attacker could exploit an out-of-bounds read vulnerability in the `read_2004_compressed_section` function by manipulating a file. This could lead to a denial of service, making the application unavailable.
Package: vim (Red Hat Enterprise Linux 10) - Under investigation
Package: vim (Red Hat Enterprise Linux 6) - Under investigation
Package: vim (Red Hat Enterprise Linux 7) - Under investigation
Package: vim (Red Hat Enterprise Linux 8) - Under investigation
Package: vim (Red Hat Enterprise Linux 9) - Under investigation
Package: rhcos (Red Hat OpenShift Container Platform 4) - Under investigation
Ubuntu
PostgreSQL vulnerabilities
vendor_ubuntu·2026-03-04·CVSS 4.3
CVE-2026-2003 [MEDIUM] PostgreSQL vulnerabilities
Title: PostgreSQL vulnerabilities
Summary: Several security issues were fixed in PostgreSQL.
Altan Birler discovered that PostgreSQL incorrectly validated oidvector
types. An attacker could possibly use this issue to obtain a few bytes of
sensitive information. (CVE-2026-2003)
Daniel Firer discovered that PostgreSQL incorrectly validated input in the
intarray extension. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2026-2004)
It was dicovered that PosgreSQL incorrectly handled certain pgcrypto memory
operations. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2026-2005)
Paul Gerste and Moritz Sanft discovered that PostgreSQL incorrectly
validated multibyte character lengths. An attacker could possibly use this
issue to execute arbi
Red Hat
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
vendor_redhat·2026-02-12·CVSS 8.8
CVE-2026-2004 [HIGH] CWE-1287 postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security cri
Debian
CVE-2026-2004: postgresql-13 - Missing validation of type of input in PostgreSQL intarray extension selectivity...
vendor_debian·2026·CVSS 8.8
CVE-2026-2004 [HIGH] CVE-2026-2004: postgresql-13 - Missing validation of type of input in PostgreSQL intarray extension selectivity...
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Scope: local
bullseye: resolved (fixed in 13.23-0+deb11u2)
Citrix
Citrix Security Bulletin CTX105650
vendor_citrix·CVSS 5.0
CVE-2004-1077 [MEDIUM] Citrix Security Bulletin CTX105650
Citrix Security Bulletin CTX105650
CVE References: CVE-2004-1077, CVE-2004-1078, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
Wiz
CVE-2026-2004 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-2004 [HIGH] CVE-2026-2004 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2004 :
PostgreSQL vulnerability analysis and mitigation
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Source : NVD
## 8.8
Score
Published February 12, 2026
Severity HIGH
CNA Score 8.8
High-profile Vulnerability Yes
Affected Technologies
PostgreSQL
Rocky Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
postgresql15-test-rpm-macros
postgresql18-pltcl
Sources
Alma
Wiz
CVE-2026-3172 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-3172 [HIGH] CVE-2026-3172 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3172 :
PostgreSQL vulnerability analysis and mitigation
Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.
Source : NVD
## 8.1
Score
Published February 25, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
PostgreSQL
pgVector
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.1
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
postgresql15-pgvector
postgresql16-pgvector
Sources
NVD
Debian 13 Severity MEDIUM No Fix Added at: Mar 02, 2026
Debian 14 Severity HIGH Has Fix Added at: Mar 02, 2026
Echo Severity HIGH No Fix Adde
Wiz
CVE-2026-2003 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
CVE-2026-2003 [MEDIUM] CVE-2026-2003 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2003 :
PostgreSQL vulnerability analysis and mitigation
Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Source : NVD
## 4.3
Score
Published February 12, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
PostgreSQL
Rocky Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
postgresql16
postgresql:12::postgre
Wiz
CVE-2026-2005 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-2005 [HIGH] CVE-2026-2005 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2005 :
PostgreSQL vulnerability analysis and mitigation
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Source : NVD
## 8.8
Score
Published February 12, 2026
Severity HIGH
CNA Score 8.8
High-profile Vulnerability Yes
Affected Technologies
PostgreSQL
Rocky Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
postgresql:12::postgresql-test
postgresql16-private-libs-debuginfo
Sources
AlmaLinux 8 Severity HIGH Has Fix Adde
Wiz
CVE-2026-2006 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-2006 [HIGH] CVE-2026-2006 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2006 :
PostgreSQL vulnerability analysis and mitigation
Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Source : NVD
## 8.8
Score
Published February 12, 2026
Severity HIGH
CNA Score 8.8
High-profile Vulnerability Yes
Affected Technologies
PostgreSQL
Rocky Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
postgresql17-co
Wiz
O banco de dados CVE: inteligência de vulnerabilidade com curadoria da Wiz | Wiz
blogs_wiz·CVSS 8.8
[HIGH] O banco de dados CVE: inteligência de vulnerabilidade com curadoria da Wiz | Wiz
## Banco de dados de vulnerabilidades Wiz
Um recurso abrangente para monitorar vulnerabilidades de alto perfil em ambientes de nuvem, adaptado para equipes de segurança e profissionais de nuvem
Veja como o Wiz detecta vulnerabilidades exploráveis em cargas de trabalho na nuvem. Assista à demo de 12 minutos
## Explore por tecnologia
## Filtros populares
## Alto perfil
CVE ID
Gravidade
Pontuação
Tecnologias
Nome do componente
Exploração do CISA KEV
Tem correção
Data de publicação
CVE-2026-3854
HIGH
8.7
GitHub Enterprise Server
cpe:2.3:a:github:enterprise_server
Não
Sim
Mar 10, 2026
CVE-2026-26220
CRITICAL
9.3
Python
lightllm
Não
Não
Feb 17, 2026
CVE-2026-2006
HIGH
8.8
PostgreSQL
postgresql:13::postgresql-test-rpm-macros
Não
Sim
Feb 12, 2026
CVE-2026
Wiz
CVE-2026-2007 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.8
CVE-2026-2007 [HIGH] CVE-2026-2007 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2007 :
PostgreSQL vulnerability analysis and mitigation
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.
Source : NVD
## 8.2
Score
Published February 12, 2026
Severity HIGH
CNA Score 8.2
Affected Technologies
PostgreSQL
Linux openSUSE
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
postgresql
libecpg6
Sources
Alpine 3.20, 3.21, 3.22,
Bugzilla
CVE-2026-9530 libredwg: GNU LibreDWG: Denial of Service via out-of-bounds read in Dwgbmp Utility
bugzilla·2026-05-26·CVSS 1.9
CVE-2026-9530 [LOW] CVE-2026-9530 libredwg: GNU LibreDWG: Denial of Service via out-of-bounds read in Dwgbmp Utility
CVE-2026-9530 libredwg: GNU LibreDWG: Denial of Service via out-of-bounds read in Dwgbmp Utility
A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a manipulation can lead to out-of-bounds read. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called 8f03865f37f5d4ffd616fef802acc980be54d300. It is advisable to implement a patch to correct this issue.
Bugzilla
CVE-2026-2004 mingw-postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code [fedora-42]
bugzilla·2026-02-12·CVSS 8.8
CVE-2026-2004 [HIGH] CVE-2026-2004 mingw-postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code [fedora-42]
CVE-2026-2004 mingw-postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '42'.
Package Maintainer: If you wish for this bug to remain open because yo
Bugzilla
CVE-2026-2004 postgresql16: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code [fedora-42]
bugzilla·2026-02-12·CVSS 8.8
CVE-2026-2004 [HIGH] CVE-2026-2004 postgresql16: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code [fedora-42]
CVE-2026-2004 postgresql16: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '42'.
Package Maintainer: If you wish for this bug to remain open because you
pl
Bugzilla
CVE-2026-2004 postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
bugzilla·2026-02-12·CVSS 8.8
CVE-2026-2004 [HIGH] CVE-2026-2004 postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
CVE-2026-2004 postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2026:3730 https://access.redhat.com/errata/RHSA-2026:3730
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2026:3887 https://access.redhat.com/errata/RHSA-2026:3887
---
This issue has been addressed in the following products:
Bugzilla
CVE-2026-2004 postgresql17: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code [fedora-42]
bugzilla·2026-02-12·CVSS 8.8
CVE-2026-2004 [HIGH] CVE-2026-2004 postgresql17: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code [fedora-42]
CVE-2026-2004 postgresql17: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '42'.
Package Maintainer: If you wish for this bug to remain open because you
pl
https://www.postgresql.org/support/security/CVE-2026-2004/https://access.redhat.com/errata/RHSA-2026:19009https://access.redhat.com/errata/RHSA-2026:19010https://access.redhat.com/errata/RHSA-2026:3730https://access.redhat.com/errata/RHSA-2026:3887https://access.redhat.com/errata/RHSA-2026:3896https://access.redhat.com/errata/RHSA-2026:4024https://access.redhat.com/errata/RHSA-2026:4059https://access.redhat.com/errata/RHSA-2026:4063https://access.redhat.com/errata/RHSA-2026:4064https://access.redhat.com/errata/RHSA-2026:4074https://access.redhat.com/errata/RHSA-2026:4075https://access.redhat.com/errata/RHSA-2026:4110https://access.redhat.com/errata/RHSA-2026:4254https://access.redhat.com/errata/RHSA-2026:4441https://access.redhat.com/errata/RHSA-2026:4475https://access.redhat.com/errata/RHSA-2026:4504https://access.redhat.com/errata/RHSA-2026:4505https://access.redhat.com/errata/RHSA-2026:4506https://access.redhat.com/errata/RHSA-2026:4509https://access.redhat.com/errata/RHSA-2026:4515https://access.redhat.com/errata/RHSA-2026:4516https://access.redhat.com/errata/RHSA-2026:4518https://access.redhat.com/errata/RHSA-2026:4524https://access.redhat.com/errata/RHSA-2026:4528https://access.redhat.com/errata/RHSA-2026:4544https://access.redhat.com/errata/RHSA-2026:4546https://access.redhat.com/errata/RHSA-2026:4547https://access.redhat.com/errata/RHSA-2026:4548https://access.redhat.com/errata/RHSA-2026:4943https://access.redhat.com/errata/RHSA-2026:8756https://access.redhat.com/security/cve/CVE-2026-2004https://bugzilla.redhat.com/show_bug.cgi?id=2439325https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2004.json
2026-02-12
Published