Vulnerability in PostgreSQL

CVE-2026-2004

Missing validation of the input type in the PostgreSQL intarray extension's selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17…

EPSS: 0.008 (51.5th percentile).

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-2004?
CVE-2026-2004 is a high-severity vulnerability in PostgreSQL, classified under CWE-1287. CVSS score: 8.8/10. Published 2026-02-12.
How severe is CVE-2026-2004?
High severity. CVSS v3 base score is 8.8 out of 10.