UBUNTU-CVE-2026-2004

Source
https://ubuntu.com/security/CVE-2026-2004
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-2004.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-2004
Upstream
  • CVE-2026-2004
Published
2026-02-13T00:00:00Z
Modified
2026-02-13T18:15:34.764949Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Ubuntu - medium
Summary
[none]
Details

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Affected packages

Ubuntu:20.04:LTS
postgresql-12

Package

Name
postgresql-12
Purl
pkg:deb/ubuntu/postgresql-12@12.22-0ubuntu0.20.04.4?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

12.*
12.0-1
12.1-1
12.1-2build1
12.2-1
12.2-1ubuntu2
12.2-4
12.4-0ubuntu0.20.04.1
12.5-0ubuntu0.20.04.1
12.6-0ubuntu0.20.04.1
12.7-0ubuntu0.20.04.1
12.8-0ubuntu0.20.04.1
12.9-0ubuntu0.20.04.1
12.10-0ubuntu0.20.04.1
12.11-0ubuntu0.20.04.1
12.12-0ubuntu0.20.04.1
12.13-0ubuntu0.20.04.1
12.14-0ubuntu0.20.04.1
12.15-0ubuntu0.20.04.1
12.16-0ubuntu0.20.04.1
12.17-0ubuntu0.20.04.1
12.18-0ubuntu0.20.04.1
12.19-0ubuntu0.20.04.1
12.20-0ubuntu0.20.04.1
12.22-0ubuntu0.20.04.1
12.22-0ubuntu0.20.04.2
12.22-0ubuntu0.20.04.4

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "libecpg-compat3"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "libecpg-dev"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "libecpg6"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "libpgtypes3"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "libpq-dev"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "libpq5"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "postgresql-12"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "postgresql-client-12"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "postgresql-doc-12"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "postgresql-plperl-12"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "postgresql-plpython3-12"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "postgresql-pltcl-12"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "postgresql-server-dev-12"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-2004.json"
Ubuntu:22.04:LTS
postgresql-14

Package

Name
postgresql-14
Purl
pkg:deb/ubuntu/postgresql-14@14.20-0ubuntu0.22.04.1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

14.*
14.1-1ubuntu1
14.2-1
14.2-1ubuntu1
14.3-0ubuntu0.22.04.1
14.4-0ubuntu0.22.04.1
14.5-0ubuntu0.22.04.1
14.6-0ubuntu0.22.04.1
14.7-0ubuntu0.22.04.1
14.8-0ubuntu0.22.04.1
14.9-0ubuntu0.22.04.1
14.10-0ubuntu0.22.04.1
14.11-0ubuntu0.22.04.1
14.12-0ubuntu0.22.04.1
14.13-0ubuntu0.22.04.1
14.15-0ubuntu0.22.04.1
14.17-0ubuntu0.22.04.1
14.18-0ubuntu0.22.04.1
14.19-0ubuntu0.22.04.1
14.20-0ubuntu0.22.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "14.20-0ubuntu0.22.04.1",
            "binary_name": "libecpg-compat3"
        },
        {
            "binary_version": "14.20-0ubuntu0.22.04.1",
            "binary_name": "libecpg-dev"
        },
        {
            "binary_version": "14.20-0ubuntu0.22.04.1",
            "binary_name": "libecpg6"
        },
        {
            "binary_version": "14.20-0ubuntu0.22.04.1",
            "binary_name": "libpgtypes3"
        },
        {
            "binary_version": "14.20-0ubuntu0.22.04.1",
            "binary_name": "libpq-dev"
        },
        {
            "binary_version": "14.20-0ubuntu0.22.04.1",
            "binary_name": "libpq5"
        },
        {
            "binary_version": "14.20-0ubuntu0.22.04.1",
            "binary_name": "postgresql-14"
        },
        {
            "binary_version": "14.20-0ubuntu0.22.04.1",
            "binary_name": "postgresql-client-14"
        },
        {
            "binary_version": "14.20-0ubuntu0.22.04.1",
            "binary_name": "postgresql-doc-14"
        },
        {
            "binary_version": "14.20-0ubuntu0.22.04.1",
            "binary_name": "postgresql-plperl-14"
        },
        {
            "binary_version": "14.20-0ubuntu0.22.04.1",
            "binary_name": "postgresql-plpython3-14"
        },
        {
            "binary_version": "14.20-0ubuntu0.22.04.1",
            "binary_name": "postgresql-pltcl-14"
        },
        {
            "binary_version": "14.20-0ubuntu0.22.04.1",
            "binary_name": "postgresql-server-dev-14"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-2004.json"
Ubuntu:24.04:LTS
postgresql-16

Package

Name
postgresql-16
Purl
pkg:deb/ubuntu/postgresql-16@16.11-0ubuntu0.24.04.1?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

16.*
16.0-2
16.1-1
16.1-1build1
16.1-1build3
16.2-1
16.2-1ubuntu2
16.2-1ubuntu3
16.2-1ubuntu4
16.3-0ubuntu0.24.04.1
16.4-0ubuntu0.24.04.1
16.4-0ubuntu0.24.04.2
16.6-0ubuntu0.24.04.1
16.8-0ubuntu0.24.04.1
16.9-0ubuntu0.24.04.1
16.10-0ubuntu0.24.04.1
16.11-0ubuntu0.24.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "16.11-0ubuntu0.24.04.1",
            "binary_name": "libecpg-compat3"
        },
        {
            "binary_version": "16.11-0ubuntu0.24.04.1",
            "binary_name": "libecpg-dev"
        },
        {
            "binary_version": "16.11-0ubuntu0.24.04.1",
            "binary_name": "libecpg6"
        },
        {
            "binary_version": "16.11-0ubuntu0.24.04.1",
            "binary_name": "libpgtypes3"
        },
        {
            "binary_version": "16.11-0ubuntu0.24.04.1",
            "binary_name": "libpq-dev"
        },
        {
            "binary_version": "16.11-0ubuntu0.24.04.1",
            "binary_name": "libpq5"
        },
        {
            "binary_version": "16.11-0ubuntu0.24.04.1",
            "binary_name": "postgresql-16"
        },
        {
            "binary_version": "16.11-0ubuntu0.24.04.1",
            "binary_name": "postgresql-client-16"
        },
        {
            "binary_version": "16.11-0ubuntu0.24.04.1",
            "binary_name": "postgresql-doc-16"
        },
        {
            "binary_version": "16.11-0ubuntu0.24.04.1",
            "binary_name": "postgresql-plperl-16"
        },
        {
            "binary_version": "16.11-0ubuntu0.24.04.1",
            "binary_name": "postgresql-plpython3-16"
        },
        {
            "binary_version": "16.11-0ubuntu0.24.04.1",
            "binary_name": "postgresql-pltcl-16"
        },
        {
            "binary_version": "16.11-0ubuntu0.24.04.1",
            "binary_name": "postgresql-server-dev-16"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-2004.json"
Ubuntu:25.10
postgresql-17

Package

Name
postgresql-17
Purl
pkg:deb/ubuntu/postgresql-17@17.7-0ubuntu0.25.10.1?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

17.*
17.4-1
17.4-2
17.5-1
17.5-1build1
17.6-1
17.6-1build1
17.7-0ubuntu0.25.10.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "17.7-0ubuntu0.25.10.1",
            "binary_name": "libecpg-compat3"
        },
        {
            "binary_version": "17.7-0ubuntu0.25.10.1",
            "binary_name": "libecpg-dev"
        },
        {
            "binary_version": "17.7-0ubuntu0.25.10.1",
            "binary_name": "libecpg6"
        },
        {
            "binary_version": "17.7-0ubuntu0.25.10.1",
            "binary_name": "libpgtypes3"
        },
        {
            "binary_version": "17.7-0ubuntu0.25.10.1",
            "binary_name": "libpq-dev"
        },
        {
            "binary_version": "17.7-0ubuntu0.25.10.1",
            "binary_name": "libpq5"
        },
        {
            "binary_version": "17.7-0ubuntu0.25.10.1",
            "binary_name": "postgresql-17"
        },
        {
            "binary_version": "17.7-0ubuntu0.25.10.1",
            "binary_name": "postgresql-client-17"
        },
        {
            "binary_version": "17.7-0ubuntu0.25.10.1",
            "binary_name": "postgresql-doc-17"
        },
        {
            "binary_version": "17.7-0ubuntu0.25.10.1",
            "binary_name": "postgresql-plperl-17"
        },
        {
            "binary_version": "17.7-0ubuntu0.25.10.1",
            "binary_name": "postgresql-plpython3-17"
        },
        {
            "binary_version": "17.7-0ubuntu0.25.10.1",
            "binary_name": "postgresql-pltcl-17"
        },
        {
            "binary_version": "17.7-0ubuntu0.25.10.1",
            "binary_name": "postgresql-server-dev-17"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-2004.json"
Ubuntu:Pro:14.04:LTS
postgresql-9.3

Package

Name
postgresql-9.3
Purl
pkg:deb/ubuntu/postgresql-9.3@9.3.24-0ubuntu0.14.04+esm1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

9.*
9.3.1-1
9.3.2-1
9.3.2-1ubuntu1
9.3.2-1ubuntu2
9.3.3-1
9.3.3-1bzr1
9.3.3-1bzr2
9.3.4-1
9.3.5-0ubuntu0.14.04.1
9.3.6-0ubuntu0.14.04
9.3.7-0ubuntu0.14.04
9.3.8-0ubuntu0.4.04
9.3.9-0ubuntu0.14.04
9.3.10-0ubuntu0.14.04
9.3.11-0ubuntu0.14.04
9.3.12-0ubuntu0.14.04
9.3.13-0ubuntu0.14.04
9.3.14-0ubuntu0.14.04
9.3.15-0ubuntu0.14.04
9.3.16-0ubuntu0.14.04
9.3.17-0ubuntu0.14.04
9.3.18-0ubuntu0.14.04.1
9.3.19-0ubuntu0.14.04
9.3.20-0ubuntu0.14.04
9.3.21-0ubuntu0.14.04
9.3.22-0ubuntu0.14.04
9.3.23-0ubuntu0.14.04
9.3.24-0ubuntu0.14.04
9.3.24-0ubuntu0.14.04+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "libecpg-compat3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "libecpg-dev"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "libecpg6"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "libpgtypes3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "libpq-dev"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "libpq5"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "postgresql-9.3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "postgresql-client-9.3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "postgresql-contrib-9.3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "postgresql-doc-9.3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "postgresql-plperl-9.3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "postgresql-plpython-9.3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "postgresql-plpython3-9.3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "postgresql-pltcl-9.3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "postgresql-server-dev-9.3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-2004.json"
Ubuntu:Pro:16.04:LTS
postgresql-9.5

Package

Name
postgresql-9.5
Purl
pkg:deb/ubuntu/postgresql-9.5@9.5.25-0ubuntu0.16.04.1+esm10?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

9.*
9.5.0-1
9.5.0-2
9.5.0-3
9.5.1-1
9.5.2-1
9.5.3-0ubuntu0.16.04
9.5.4-0ubuntu0.16.04
9.5.5-0ubuntu0.16.04
9.5.6-0ubuntu0.16.04
9.5.7-0ubuntu0.16.04
9.5.8-0ubuntu0.16.04.1
9.5.9-0ubuntu0.16.04
9.5.10-0ubuntu0.16.04
9.5.11-0ubuntu0.16.04
9.5.12-0ubuntu0.16.04
9.5.13-0ubuntu0.16.04
9.5.14-0ubuntu0.16.04
9.5.16-0ubuntu0.16.04.1
9.5.17-0ubuntu0.16.04.1
9.5.18-0ubuntu0.16.04.1
9.5.19-0ubuntu0.16.04.1
9.5.21-0ubuntu0.16.04.1
9.5.23-0ubuntu0.16.04.1
9.5.24-0ubuntu0.16.04.1
9.5.25-0ubuntu0.16.04.1
9.5.25-0ubuntu0.16.04.1+esm1
9.5.25-0ubuntu0.16.04.1+esm2
9.5.25-0ubuntu0.16.04.1+esm3
9.5.25-0ubuntu0.16.04.1+esm4
9.5.25-0ubuntu0.16.04.1+esm5
9.5.25-0ubuntu0.16.04.1+esm6
9.5.25-0ubuntu0.16.04.1+esm7
9.5.25-0ubuntu0.16.04.1+esm8
9.5.25-0ubuntu0.16.04.1+esm10

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "libecpg-compat3"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "libecpg-dev"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "libecpg6"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "libpgtypes3"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "libpq-dev"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "libpq5"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "postgresql-9.5"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "postgresql-client-9.5"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "postgresql-contrib-9.5"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "postgresql-doc-9.5"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "postgresql-plperl-9.5"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "postgresql-plpython-9.5"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "postgresql-plpython3-9.5"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "postgresql-pltcl-9.5"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "postgresql-server-dev-9.5"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-2004.json"
Ubuntu:Pro:18.04:LTS
postgresql-10

Package

Name
postgresql-10
Purl
pkg:deb/ubuntu/postgresql-10@10.23-0ubuntu0.18.04.2+esm3?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

10.*
10.1-1
10.1-2
10.2-1
10.3-1
10.4-0ubuntu0.18.04
10.5-0ubuntu0.18.04
10.6-0ubuntu0.18.04.1
10.7-0ubuntu0.18.04.1
10.8-0ubuntu0.18.04.1
10.9-0ubuntu0.18.04.1
10.10-0ubuntu0.18.04.1
10.12-0ubuntu0.18.04.1
10.14-0ubuntu0.18.04.1
10.15-0ubuntu0.18.04.1
10.16-0ubuntu0.18.04.1
10.17-0ubuntu0.18.04.1
10.18-0ubuntu0.18.04.1
10.19-0ubuntu0.18.04.1
10.20-0ubuntu0.18.04.1
10.21-0ubuntu0.18.04.1
10.22-0ubuntu0.18.04.1
10.23-0ubuntu0.18.04.1
10.23-0ubuntu0.18.04.2
10.23-0ubuntu0.18.04.2+esm1
10.23-0ubuntu0.18.04.2+esm2
10.23-0ubuntu0.18.04.2+esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "libecpg-compat3"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "libecpg-dev"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "libecpg6"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "libpgtypes3"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "libpq-dev"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "libpq5"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "postgresql-10"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "postgresql-client-10"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "postgresql-doc-10"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "postgresql-plperl-10"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "postgresql-plpython-10"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "postgresql-plpython3-10"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "postgresql-pltcl-10"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "postgresql-server-dev-10"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-2004.json"