CVE-2026-32286
highCVSS v3 Base Score
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.1%
Exploitation probability in 30 days
Top 80% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Published: March 26, 2026 (106 days ago)
Last Modified: March 26, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Source: REDHAT
Vulnerability Report
Generated by CyberWatcher
Description
The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.
CWE
CWE-1285Affected Products
Assisted Installer for Red Hat OpenShift Container Platform 2Multicluster Engine for KubernetesMulticluster Global HubRed Hat Advanced Cluster Management for Kubernetes 2Red Hat Advanced Cluster Security 4Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Hardened ImagesRed Hat OpenShift AI (RHOAI)