DEBIAN-CVE-2026-2004
- Source
- https://security-tracker.debian.org/tracker/CVE-2026-2004
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-2004.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-2004
- Upstream
- Downstream
- Published
- 2026-02-12T14:16:02.213Z
- Modified
- 2026-02-20T10:01:32.670747Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
- References
Affected packages
Debian:11 / postgresql-13
Package
- Name
- postgresql-13
- Purl
- pkg:deb/debian/postgresql-13?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
13.*
13.3-1
13.4-0+deb11u1
13.4-1
13.4-2
13.4-3
13.5-0+deb11u1
13.7-0+deb11u1
13.8-0+deb11u1
13.9-0+deb11u1
13.10-0+deb11u1
13.11-0+deb11u1
13.12-0+deb11u1
13.13-0+deb11u1
13.14-0+deb11u1
13.15-0+deb11u1
13.16-0+deb11u1
13.17-0+deb11u1
13.18-0+deb11u1
13.19-0+deb11u1
13.20-0+deb11u1
13.21-0+deb11u1
13.22-0+deb11u1
13.23-0+deb11u1
Debian:12 / postgresql-15
Package
- Name
- postgresql-15
- Purl
- pkg:deb/debian/postgresql-15?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed15.16-0+deb12u1
Debian:13 / postgresql-17
Package
- Name
- postgresql-17
- Purl
- pkg:deb/debian/postgresql-17?arch=source
Debian:14 / postgresql-18
Package
- Name
- postgresql-18
- Purl
- pkg:deb/debian/postgresql-18?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed18.2-1