CVE-2026-2004

high

Description

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

References

https://www.postgresql.org/support/security/CVE-2026-2004/

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2004.json

https://bugzilla.redhat.com/show_bug.cgi?id=2439325

https://access.redhat.com/security/cve/CVE-2026-2004

https://access.redhat.com/errata/RHSA-2026:8756

https://access.redhat.com/errata/RHSA-2026:4943

https://access.redhat.com/errata/RHSA-2026:4548

https://access.redhat.com/errata/RHSA-2026:4547

https://access.redhat.com/errata/RHSA-2026:4546

https://access.redhat.com/errata/RHSA-2026:4544

https://access.redhat.com/errata/RHSA-2026:4528

https://access.redhat.com/errata/RHSA-2026:4524

https://access.redhat.com/errata/RHSA-2026:4518

https://access.redhat.com/errata/RHSA-2026:4516

https://access.redhat.com/errata/RHSA-2026:4515

https://access.redhat.com/errata/RHSA-2026:4509

https://access.redhat.com/errata/RHSA-2026:4506

https://access.redhat.com/errata/RHSA-2026:4505

https://access.redhat.com/errata/RHSA-2026:4504

https://access.redhat.com/errata/RHSA-2026:4475

https://access.redhat.com/errata/RHSA-2026:4441

https://access.redhat.com/errata/RHSA-2026:4254

https://access.redhat.com/errata/RHSA-2026:4110

https://access.redhat.com/errata/RHSA-2026:4075

https://access.redhat.com/errata/RHSA-2026:4074

https://access.redhat.com/errata/RHSA-2026:4064

https://access.redhat.com/errata/RHSA-2026:4063

https://access.redhat.com/errata/RHSA-2026:4059

https://access.redhat.com/errata/RHSA-2026:4024

https://access.redhat.com/errata/RHSA-2026:3896

https://access.redhat.com/errata/RHSA-2026:3887

https://access.redhat.com/errata/RHSA-2026:3730

https://access.redhat.com/errata/RHSA-2026:19010

https://access.redhat.com/errata/RHSA-2026:19009

Details

Source: Mitre, NVD

Published: 2026-02-12

Updated: 2026-06-30

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00095