postgresql security update

An update is available for postgresql. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database management system DBM...

RLSA-2026:3730 Important: postgresql security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator...

RockyLinux 9 : postgresql:15 (RLSA-2026:3896)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3896 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

SUSE SLES15 Security Update : postgresql17 (SUSE-SU-2026:0787-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0787-1 advisory. This update for postgresql17 fixes the following issue: Update to version 17.9 bsc1258754. Regression fixes: - the substring function raises...

RockyLinux 10 : postgresql16 (RLSA-2026:3887)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3887 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

Important: postgresql

Issue Overview: Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before...

Oracle Linux 9 : postgresql (ELSA-2026-3730)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3730 advisory. Wed Feb 25 2026 Filip Janus - 13.23-2 - fix CVE-2026-2004 CVE-2026-2005 CVE-2026-2006 Tenable has extracted the preceding description block directly fr...

SUSE SLES15 Security Update : postgresql14 (SUSE-SU-2026:0768-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0768-1 advisory. Update to version 14.22 bsc1258754. Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : PostgreSQL vulnerabilities (USN-8072-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8072-1 advisory. Altan Birler discovered that PostgreSQL incorrectly validated oidvector types. An attacker could possibly use this issue to obtain a...

Oracle Linux 10 : postgresql16 (ELSA-2026-3887)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3887 advisory. - Fix CVE-2026-2004: PostgreSQL intarray missing validation of type of input - Fix CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow - Fix...

RockyLinux 9 : postgresql (RLSA-2026:3730)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:3730 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

Unable to Generate Reports Due to Error “Veeam ONE Caching Service Maintenance”

Challenge When attempting to generate reports in Veeam ONE the report fails to load and instead for following error is displayed: Veeam ONE Caching Service Maintenance The caching service database is being prepared for the maintenance window. Often, when this error is shown, the following error...

Amazon Linux 2023 : postgresql15, postgresql15-contrib, postgresql15-llvmjit (ALAS2023-2026-1456)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1456 advisory. Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of...

PT-2026-23638

Name of the Vulnerable Software and Affected Versions Chartbrew versions prior to 4.8.3 Description Chartbrew is a web application that connects to databases and APIs to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against...

PT-2026-23803

Name of the Vulnerable Software and Affected Versions WeKnora versions prior to 0.2.12 Description WeKnora, an LLM-powered framework for deep document understanding and semantic retrieval, contains a remote code execution RCE issue in its database query functionality. The application's validation...

Amazon Linux 2 : postgresql, --advisory ALAS2POSTGRESQL14-2026-022 (ALASPOSTGRESQL14-2026-022)

The version of postgresql installed on the remote host is prior to 14.21-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2POSTGRESQL14-2026-022 advisory. Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server...

AlmaLinux 10 : postgresql16 (ALSA-2026:3887)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:3887 advisory. postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2006 postgresql: PostgreSQL intarray missing...

Amazon Linux 2023 : postgresql17, postgresql17-contrib, postgresql17-llvmjit (ALAS2023-2026-1457)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1457 advisory. Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of...

Amazon Linux 2023 : postgresql16, postgresql16-contrib, postgresql16-llvmjit (ALAS2023-2026-1458)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1458 advisory. Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of...

postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database...