Skip to content

CVE-2026-2006 on CTRL-OS 24.05

Packages: postgresql

Status: New

CVE Information

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Updates

2026-04-07 18:19 CEST

Metadata changes:

  • Status for package postgresql: “New