CVE-2026-2007
PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory
CVSS Score: 8.2
EPSS Score: 0.0%
EPSS Percentile: 0th
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.
| CWE | CWE-122 |
| Vendor | n/a |
| Product | postgresql |
| Ecosystems | |
| Industries | Technology |
| Published | Feb 12, 2026 |
| Last Updated | Jun 30, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity | Low |
| Availability | High |
Affected Versions
n/a / PostgreSQL
18 < 18.2
References
postgresql.org: https://www.postgresql.org/support/security/CVE-2026-2007/
access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-2007
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2439320
security.access.redhat.com: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2007.json
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:19009
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8756
Credits
The PostgreSQL project thanks Heikki Linnakangas for reporting this problem.