ALPINE-CVE-2026-2004

See a problem?
Please try reporting it to the source first.
Source
https://security.alpinelinux.org/vuln/CVE-2026-2004
Import Source
https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-2004.json
JSON Data
https://api.osv.dev/v1/vulns/ALPINE-CVE-2026-2004
Upstream
  • CVE-2026-2004
Published
2026-02-12T14:16:02.213Z
Modified
2026-02-15T20:16:51.547161Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

References

Affected packages

Alpine:v3.20
postgresql15

Package

Name
postgresql15
Purl
pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.16-r0

Affected versions

15.*
15.1-r0
15.1-r1
15.2-r0
15.2-r1
15.2-r2
15.2-r3
15.2-r4
15.3-r0
15.3-r1
15.4-r0
15.4-r1
15.4-r2
15.5-r0
15.6-r0
15.6-r1
15.6-r2
15.7-r0
15.8-r0
15.9-r0
15.10-r0
15.11-r0
15.13-r0
15.14-r0
15.15-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-2004.json"
postgresql16

Package

Name
postgresql16
Purl
pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.12-r0

Affected versions

16.*
16.0-r0
16.0-r1
16.0-r2
16.1-r0
16.2-r0
16.2-r1
16.2-r2
16.2-r3
16.2-r4
16.3-r0
16.4-r0
16.5-r0
16.6-r0
16.8-r0
16.9-r0
16.10-r0
16.11-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-2004.json"
Alpine:v3.21
postgresql16

Package

Name
postgresql16
Purl
pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.12-r0

Affected versions

16.*
16.0-r0
16.0-r1
16.0-r2
16.1-r0
16.2-r0
16.2-r1
16.2-r2
16.2-r3
16.2-r4
16.3-r0
16.3-r1
16.4-r0
16.4-r1
16.5-r0
16.6-r0
16.8-r0
16.9-r0
16.10-r0
16.11-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-2004.json"
postgresql17

Package

Name
postgresql17
Purl
pkg:apk/alpine/postgresql17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.8-r0

Affected versions

17.*
17.0-r0
17.0-r1
17.1-r0
17.2-r0
17.4-r0
17.5-r0
17.6-r0
17.7-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-2004.json"
Alpine:v3.22
postgresql16

Package

Name
postgresql16
Purl
pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.12-r0

Affected versions

16.*
16.0-r0
16.0-r1
16.0-r2
16.1-r0
16.2-r0
16.2-r1
16.2-r2
16.2-r3
16.2-r4
16.3-r0
16.3-r1
16.4-r0
16.4-r1
16.5-r0
16.6-r0
16.8-r0
16.8-r1
16.8-r2
16.8-r3
16.8-r4
16.9-r0
16.10-r0
16.11-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-2004.json"
postgresql17

Package

Name
postgresql17
Purl
pkg:apk/alpine/postgresql17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.8-r0

Affected versions

17.*
17.0-r0
17.0-r1
17.1-r0
17.2-r0
17.4-r0
17.4-r1
17.4-r2
17.4-r3
17.4-r4
17.5-r0
17.6-r0
17.7-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-2004.json"
Alpine:v3.23
postgresql17

Package

Name
postgresql17
Purl
pkg:apk/alpine/postgresql17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.8-r0

Affected versions

17.*
17.0-r0
17.0-r1
17.1-r0
17.2-r0
17.4-r0
17.4-r1
17.4-r2
17.4-r3
17.4-r4
17.5-r0
17.5-r1
17.5-r2
17.5-r3
17.6-r0
17.6-r1
17.7-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-2004.json"
postgresql18

Package

Name
postgresql18
Purl
pkg:apk/alpine/postgresql18?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
18.2-r0

Affected versions

18.*
18.0-r0
18.1-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-2004.json"