Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
| Software | From | Fixed in |
|---|---|---|
| postgresql / postgresql | 14.0 | 14.21 |
| postgresql / postgresql | 15.0 | 15.16 |
| postgresql / postgresql | 16.0 | 16.12 |
| postgresql / postgresql | 17.0 | 17.8 |
| postgresql / postgresql | 18.0 | 18.2 |
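To confirm whether a running server has a fixed release, compare the value it reports in `server_version_num` against the table above. The script below is an added example for that check; it is not part of this advisory or of the PostgreSQL project. The fixed-in table is copied from the rows above, the input is assumed to be the output of `SHOW server_version_num;` or `SELECT version();`, and branches that do not appear in the table (13 and older, or anything newer than 18) are reported as having no listed fix rather than guessed at.

```python
"""Check a PostgreSQL server version against the fixed releases above.

Added example, not code from the advisory or the PostgreSQL project.
Input: the value of `SHOW server_version_num;` (e.g. 160011) or the
output of `SELECT version();` (e.g. "PostgreSQL 16.12 on x86_64...").
"""
import re
import sys

# First fixed minor release per major branch, copied from the advisory table.
FIXED_IN = {14: 21, 15: 16, 16: 12, 17: 8, 18: 2}


def parse_version(text: str) -> int:
    """Return server_version_num (major * 10000 + minor).

    Accepts either a bare server_version_num or a version() string.
    Pre-release strings such as "PostgreSQL 18beta1" have no minor and
    map to minor 0. Pre-10 servers used a three-part scheme that this
    parser does not model; they are outside the table anyway.
    """
    text = text.strip()
    if text.isdigit():
        return int(text)
    m = re.search(r"PostgreSQL (\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised PostgreSQL version string: {text!r}")
    return int(m.group(1)) * 10000 + int(m.group(2) or 0)


def status(version_num: int) -> str:
    """Classify a server_version_num against the advisory's fixed releases."""
    major, minor = divmod(version_num, 10000)
    fixed_minor = FIXED_IN.get(major)
    if fixed_minor is None:
        # Assumption: a branch absent from the table has no fixed release
        # listed here; report that instead of guessing either way.
        return "no fixed release listed"
    return "fixed" if minor >= fixed_minor else "affected"


def main(argv: list[str]) -> int:
    """Read a version from argv[1] or stdin; exit 0 only if fixed."""
    source = argv[1] if len(argv) > 1 else sys.stdin.read()
    num = parse_version(source)
    result = status(num)
    print(f"server_version_num={num}: {result}")
    return 0 if result == "fixed" else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the live server rather than the installed package, since a package upgrade only takes effect after the postmaster is restarted: `psql -Atc "SHOW server_version_num" | python3 check_pg_fix.py` (the script name is arbitrary). The exit code is non-zero for anything other than "fixed", so it can gate a deployment or inventory job.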