CVE-2026-2003

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-2003
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2003.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-2003
Aliases
Downstream
Related
Published
2026-02-12T14:16:02.067Z
Modified
2026-03-13T08:59:50.213580572Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "14.0"
            },
            {
                "fixed": "14.21"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "15.0"
            },
            {
                "fixed": "15.16"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "16.0"
            },
            {
                "fixed": "16.12"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "17.0"
            },
            {
                "fixed": "17.8"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "18.0"
            },
            {
                "fixed": "18.2"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2003.json"