PT-2026-7844

🗓️ 01 Jan 2026 00:00:00Reported by Positive TechnologiesType

ptsecurity🔗 dbugs.ptsecurity.com👁 3 Views

Missing input type validation in PostgreSQL intarray estimator allows code execution as the database user; affected versions prior to 14.21, 15.16, 16.12, 17.8, 18.2.

Reporter	Title	Published	Views	Family All 1108
FreeBSD	PostgreSQL -- Multiple vulnerabilities	13 Nov 202500:00	–	freebsd
FreeBSD	PostgreSQL -- Multiple vulnerabilities	12 Feb 202600:00	–	freebsd
GithubExploit	Exploit for Heap-based Buffer Overflow in Postgresql	5 May 202608:24	–	githubexploit
GithubExploit	Exploit for Heap-based Buffer Overflow in Postgresql	13 May 202615:29	–	githubexploit
GithubExploit	Exploit for Heap-based Buffer Overflow in Postgresql	4 May 202617:37	–	githubexploit
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to multiple issues due to PostgreSQL	30 Dec 202516:26	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	2 Mar 202616:48	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)	29 Jan 202613:44	–	ibm
ATTACKERKB	CVE-2026-2005	12 Feb 202613:00	–	attackerkb
ATTACKERKB	CVE-2026-2006	12 Feb 202613:00	–	attackerkb

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-2004
osv	www.osv.dev/vulnerability/SUSE-SU-2026:0882-1
osv	www.osv.dev/vulnerability/ALSA-2026:3730
postgresql	www.postgresql.org/support/security/CVE-2026-2004
access	www.access.redhat.com/security/cve/CVE-2026-2004
twitter	www.twitter.com/pulsepatchio/status/2022682725384368270
access	www.access.redhat.com/errata/RHSA-2026:4059
redos	www.redos.red-soft.ru/support/secure/uyazvimosti/support/secure/uyazvimosti-red-os-8-0/uyazvimost-postgresql17-cve-2026-2004-8.0
osv	www.osv.dev/vulnerability/SUSE-SU-2026:0771-1
osv	www.osv.dev/vulnerability/SUSE-SU-2026:0584-1

05 May 2026 00:00Current

6Medium risk

Vulners AI Score6

CVSS 29

CVSS 3.18.8

EPSS0.00061

SSVC