CVE-2026-2007: Heap-based Buffer Overflow in PostgreSQL

Severity: 8.2 HIGH (NVD)
EPSS: 0.0% (top 94.76%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published 2026-02-12

Description

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.0 and 18.1 are affected; the package data below lists 18.2 as the fixed release.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H (Exploitability: 3.9 | Impact: 4.2)

Note the tension between this NVD vector and the description: the vector scores PR:N (no privileges required), but the description says the bug is reached by a database user supplying a crafted string to pg_trgm, i.e. an authenticated caller. Triage on the description: the exposed population is every role that can run SQL in a database where pg_trgm is installed on an 18.0 or 18.1 server.

Affected Packages (6 packages)

Debian: debian/postgresql-13, affected < postgresql-18 18.2-1 (forky)
Debian: debian/postgresql-15, affected < postgresql-18 18.2-1 (forky)
Debian: debian/postgresql-17, affected < postgresql-18 18.2-1 (forky)
Debian: debian/postgresql-18, affected < postgresql-18 18.2-1 (forky)
CVEList V5: postgresql/postgresql 18, fixed in 18.2
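An added triage query (not part of this advisory page nor of the PostgreSQL project) that turns the facts above into a check you can run against a server: affected releases are 18.0 and 18.1, the fix is 18.2, and the vulnerable code is only reachable once the pg_trgm extension is installed in a database and a role can execute its functions. It assumes the usual server_version_num encoding of 180000 + minor for the 18.x series (18.2 reads as 180002). pg_extension is per-database, so run it in every database of the cluster.

```sql
-- Added example: CVE-2026-2007 triage, one database at a time.
-- Assumption: PostgreSQL 18.x reports server_version_num as 180000 + minor,
-- so 18.0 = 180000 and 18.1 = 180001 (affected), 18.2 = 180002 (fixed).
WITH v AS (
    SELECT current_setting('server_version')           AS server_version,
           current_setting('server_version_num')::int  AS version_num
)
SELECT current_database() AS checked_database,
       server_version,
       version_num,
       CASE
           WHEN version_num BETWEEN 180000 AND 180001 THEN 'AFFECTED: upgrade to 18.2 or later'
           WHEN version_num >= 180002               THEN 'patched (18.2 or later)'
           ELSE                                          'not an affected major version'
       END AS cve_2026_2007_status,
       -- pg_extension is per-database: the extension may be present in some
       -- databases of the cluster and absent in others.
       EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_trgm') AS pg_trgm_installed_here
FROM v;

-- If pg_trgm is installed, list its functions and whether PUBLIC may execute
-- them. A NULL proacl means default privileges, and the default for functions
-- grants EXECUTE to PUBLIC, so every role that can connect to this database
-- can reach the extension's code. In aclexplode(), grantee 0 is PUBLIC.
SELECT p.proname,
       pg_get_function_identity_arguments(p.oid) AS args,
       (p.proacl IS NULL
        OR EXISTS (SELECT 1
                   FROM aclexplode(p.proacl) a
                   WHERE a.grantee = 0 AND a.privilege_type = 'EXECUTE')) AS public_can_execute
FROM pg_extension e
JOIN pg_depend d ON d.refclassid = 'pg_extension'::regclass
                AND d.refobjid  = e.oid
                AND d.classid   = 'pg_proc'::regclass
                AND d.deptype   = 'e'          -- extension member objects
JOIN pg_proc p   ON p.oid = d.objid
WHERE e.extname = 'pg_trgm'
ORDER BY p.proname;
```

Both queries read only system catalogs, so any role that can connect can run them; no superuser is needed. A database that reports AFFECTED with pg_trgm installed and public_can_execute true for its functions is the case the description is about, and the only remedy this page documents is the upgrade to 18.2.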

🔴 Vulnerability Details

OSV, 2026-02-12: CVE-2026-2007: Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string
CVEList, 2026-02-12: PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory
GHSA, 2026-02-12: GHSA-5pr9-9395-q5gq: Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string

📋 Vendor Advisories

Red Hat, 2026-02-12: postgresql: PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory
Debian, 2026: CVE-2026-2007: postgresql-13 - Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string

🕵️ Threat Intelligence

The Wiz pages listed here cover neighbouring CVE IDs; none of them is for CVE-2026-2007 itself.

Wiz: CVE-2026-2004 Impact, Exploitability, and Mitigation Steps
Wiz: CVE-2026-3172 Impact, Exploitability, and Mitigation Steps
Wiz: CVE-2026-2003 Impact, Exploitability, and Mitigation Steps
Wiz: CVE-2026-2005 Impact, Exploitability, and Mitigation Steps
Wiz: CVE-2026-2006 Impact, Exploitability, and Mitigation Steps