Vulnerability Database

324,292

Total vulnerabilities in the database

CVE-2026-2005

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Published: Feb 12, 2026
Updated: Feb 13, 2026
CVE: CVE-2026-2005
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-122

Affected Software
References

Software	From	Fixed in
postgresql / postgresql	14.0	14.21
postgresql / postgresql	15.0	15.16
postgresql / postgresql	16.0	16.12
postgresql / postgresql	17.0	17.8
postgresql / postgresql	18.0	18.2

https://www.postgresql.org/support/security/CVE-2026-2005/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo