Heap Buffer Overflow in PostgreSQL pgcrypto (pre 18.2/17.8/16.12/15.16/14.21) OS Exploit
CVE-2026-2005 Published on February 12, 2026

PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

NVD

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Products Associated with CVE-2026-2005

stack.watch emails you whenever new vulnerabilities are published in PostgreSQL or Canonical Ubuntu Linux. Just hit a watch button to start following.

PostgreSQL

Canonical Ubuntu Linux

Exploit Probability

EPSS

0.08%

Percentile

22.46%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Heap Buffer Overflow in PostgreSQL pgcrypto (pre 18.2/17.8/16.12/15.16/14.21) OS ExploitCVE-2026-2005 Published on February 12, 2026

Weakness Type

Heap-based Buffer Overflow

Products Associated with CVE-2026-2005

Exploit Probability

Heap Buffer Overflow in PostgreSQL pgcrypto (pre 18.2/17.8/16.12/15.16/14.21) OS Exploit
CVE-2026-2005 Published on February 12, 2026