{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2005", "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "state": "PUBLISHED", "assignerShortName": "PostgreSQL", "dateReserved": "2026-02-05T18:17:55.613Z", "datePublished": "2026-02-12T13:00:09.784Z", "dateUpdated": "2026-02-13T04:56:32.235Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL", "dateUpdated": "2026-02-12T13:00:09.784Z"}, "title": "PostgreSQL pgcrypto heap buffer overflow executes arbitrary code", "descriptions": [{"lang": "en", "value": "Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected."}], "affected": [{"defaultStatus": "unaffected", "product": "PostgreSQL", "vendor": "n/a", "versions": [{"lessThan": "18.2", "status": "affected", "version": "18", "versionType": "rpm"}, {"lessThan": "17.8", "status": "affected", "version": "17", "versionType": "rpm"}, {"lessThan": "16.12", "status": "affected", "version": "16", "versionType": "rpm"}, {"lessThan": "15.16", "status": "affected", "version": "15", "versionType": "rpm"}, {"lessThan": "14.21", "status": "affected", "version": "0", "versionType": "rpm"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-122", "type": "CWE", "description": "Heap-based Buffer Overflow"}]}], "references": [{"url": "https://www.postgresql.org/support/security/CVE-2026-2005/"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "configurations": [{"lang": "en", "value": "attacker has permission to install pgcrypto or pass arbitrary ciphertext to an already-installed pgcrypto"}], "credits": [{"lang": "en", "value": "The PostgreSQL project thanks Team Xint Code, as part of zeroday.cloud, for reporting this problem."}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-12T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-2005"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-13T04:56:32.235Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2005", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-12T14:31:50.522599Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-12T14:31:55.897Z"}}], "cna": {"title": "PostgreSQL pgcrypto heap buffer overflow executes arbitrary code", "credits": [{"lang": "en", "value": "The PostgreSQL project thanks Team Xint Code, as part of zeroday.cloud, for reporting this problem."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "n/a", "product": "PostgreSQL", "versions": [{"status": "affected", "version": "18", "lessThan": "18.2", "versionType": "rpm"}, {"status": "affected", "version": "17", "lessThan": "17.8", "versionType": "rpm"}, {"status": "affected", "version": "16", "lessThan": "16.12", "versionType": "rpm"}, {"status": "affected", "version": "15", "lessThan": "15.16", "versionType": "rpm"}, {"status": "affected", "version": "0", "lessThan": "14.21", "versionType": "rpm"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.postgresql.org/support/security/CVE-2026-2005/"}], "descriptions": [{"lang": "en", "value": "Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "Heap-based Buffer Overflow"}]}], "configurations": [{"lang": "en", "value": "attacker has permission to install pgcrypto or pass arbitrary ciphertext to an already-installed pgcrypto"}], "providerMetadata": {"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL", "dateUpdated": "2026-02-12T13:00:09.784Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2005", "state": "PUBLISHED", "dateUpdated": "2026-02-13T04:56:32.235Z", "dateReserved": "2026-02-05T18:17:55.613Z", "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "datePublished": "2026-02-12T13:00:09.784Z", "assignerShortName": "PostgreSQL"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected."}], "id": "CVE-2026-2005", "lastModified": "2026-02-12T15:10:37.307", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary"}]}, "published": "2026-02-12T14:16:02.350", "references": [{"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "url": "https://www.postgresql.org/support/security/CVE-2026-2005/"}], "sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary"}]}

{"bugzilla": {"description": "postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code", "id": "2439326", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439326"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-120", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-2005", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "postgresql16", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "postgresql18", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "postgresql:12/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "postgresql:13/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "postgresql:15/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "postgresql:16/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "postgresql:15/postgresql", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "postgresql:16/postgresql", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-12T13:00:09Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-2005\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2005\nhttps://www.postgresql.org/support/security/CVE-2026-2005/"], "threat_severity": "Important"}

{}