CVE-2026-2007

high Red Hat
CVSS v3 Base Score
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
EPSS Score
0.1%
Exploitation probability in 30 days
Top 83% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
Low
Availability
High
Published: February 12, 2026 (91 days ago)
Last Modified: February 12, 2026
Vendor: Red Hat

Description

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.

CWE

CWE-120

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 9

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 www.postgresql.org