CVE-2026-2003 PostgreSQL oidvector discloses a few bytes of memory

🗓️ 12 Feb 2026 13:00:06Reported by PostgreSQLType

CVE-2026-2003: PostgreSQL oidvector flaw may disclose a few bytes of server memory to a database user.

Reporter	Title	Published	Views	Family All 269
ATTACKERKB	CVE-2026-2003	12 Feb 202613:00	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2026-1456)	6 Mar 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : postgresql17, postgresql17-contrib, postgresql17-llvmjit (ALAS2023-2026-1457)	6 Mar 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : postgresql16, postgresql16-contrib, postgresql16-llvmjit (ALAS2023-2026-1458)	6 Mar 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : postgresql, --advisory ALAS2POSTGRESQL14-2026-022 (ALASPOSTGRESQL14-2026-022)	6 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : postgresql:16 (ALSA-2026:4110)	11 Mar 202600:00	–	nessus
Tenable Nessus	Debian dla-4524 : libecpg-compat3 - security update	21 Apr 202600:00	–	nessus
Tenable Nessus	Debian dsa-6132 : libecpg-compat3 - security update	13 Feb 202600:00	–	nessus
Tenable Nessus	Debian dsa-6133 : libecpg-compat3 - security update	13 Feb 202600:00	–	nessus
Tenable Nessus	FreeBSD : PostgreSQL -- Multiple vulnerabilities (e3afc190-0821-11f1-a857-6cc21735f730)	13 Feb 202600:00	–	nessus

[
  {
    "defaultStatus": "unaffected",
    "product": "PostgreSQL",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "18.2",
        "status": "affected",
        "version": "18",
        "versionType": "rpm"
      },
      {
        "lessThan": "17.8",
        "status": "affected",
        "version": "17",
        "versionType": "rpm"
      },
      {
        "lessThan": "16.12",
        "status": "affected",
        "version": "16",
        "versionType": "rpm"
      },
      {
        "lessThan": "15.16",
        "status": "affected",
        "version": "15",
        "versionType": "rpm"
      },
      {
        "lessThan": "14.21",
        "status": "affected",
        "version": "0",
        "versionType": "rpm"
      }
    ]
  }
]

Source	Link
postgresql	www.postgresql.org/support/security/CVE-2026-2003/

12 Feb 2026 13:00Current

CVSS 3.14.3

EPSS0.00023

CWE-1287