CVE-2026-2005

HIGH LAB

PostgreSQL <18.2, 17.8, 16.12, 15.16, 14.21 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2026-2005. PoCs published by Hex0rc1st, XZ1r0, var77.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-2005, a heap-based buffer overflow in PostgreSQL's pgcrypto extension. The exploit demonstrates arbitrary memory read/write and privilege escalation to superuser via crafted PGP session key parsing.

Description

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Exploits (4)

github WORKING POC
by XZ1r0 · pythonpoc
https://github.com/XZ1r0/cve-2026-poc-collection/tree/main/other/CVE-2026-2005

This repository contains a functional exploit for CVE-2026-2005, a heap-based buffer overflow in PostgreSQL's pgcrypto extension. The exploit demonstrates arbitrary memory read/write and privilege escalation to superuser via crafted PGP session key parsing.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: PostgreSQL with pgcrypto extension
Auth required
Prerequisites: PostgreSQL binary compiled from vulnerable commit · Python dependencies (psycopg2-binary) · Database credentials
devstral-2 · analyzed May 21, 2026 Full analysis →
nomisec WORKING POC
by var77 · poc
https://github.com/var77/CVE-2026-2005

This repository contains a functional exploit for CVE-2026-2005, a heap-based buffer overflow in PostgreSQL's pgcrypto extension. The exploit demonstrates privilege escalation to superuser via a crafted PGP session key, leveraging arbitrary read/write primitives to overwrite CurrentUserId.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: PostgreSQL with pgcrypto extension (vulnerable commit 4b324845)
Auth required
Prerequisites: PostgreSQL compiled from vulnerable commit · pgcrypto extension enabled · valid database credentials
devstral-2 · analyzed May 14, 2026 Full analysis →
nomisec WRITEUP
by stvm8 · poc
https://github.com/stvm8/CVE-2026-2005_lab

This repository provides a detailed technical analysis and lab setup for CVE-2026-2005, a heap buffer overflow in PostgreSQL's pgcrypto extension. It includes a Docker-based lab environment for practicing exploitation, with clear objectives and background on the vulnerability.

Classification
Writeup 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: PostgreSQL ≤ 17.7 / 16.11 / 15.15 / 14.20 / 18.1
Auth required
Prerequisites: Docker · Docker Compose · PostgreSQL credentials
devstral-2 · analyzed May 05, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0068
EPSS Percentile 47.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Lab Environment

COMMUNITY SUSPICIOUS
Community Lab
docker pull postgres:16.11
+1 more repos

Details

CWE
CWE-122
Status published
Products (1)
postgresql/postgresql 14.0 - 14.21
Published Feb 12, 2026
Tracked Since Feb 18, 2026