CVE-2026-2007

HIGH

PostgreSQL 18.0-18.1 - Buffer Overflow

Description

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.

Scores

CVSS v3 8.2
EPSS 0.0002
EPSS Percentile 5.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-122
Status published
Products (1)
postgresql/postgresql 18.0 - 18.2
Published Feb 12, 2026
Tracked Since Feb 18, 2026