{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-2004","assignerOrgId":"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007","state":"PUBLISHED","assignerShortName":"PostgreSQL","dateReserved":"2026-02-05T18:17:54.681Z","datePublished":"2026-02-12T13:00:08.857Z","dateUpdated":"2026-02-26T14:44:21.641Z"},"containers":{"cna":{"providerMetadata":{"orgId":"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007","shortName":"PostgreSQL","dateUpdated":"2026-02-12T13:00:08.857Z"},"title":"PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code","descriptions":[{"lang":"en","value":"Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected."}],"affected":[{"defaultStatus":"unaffected","product":"PostgreSQL","vendor":"n/a","versions":[{"lessThan":"18.2","status":"affected","version":"18","versionType":"rpm"},{"lessThan":"17.8","status":"affected","version":"17","versionType":"rpm"},{"lessThan":"16.12","status":"affected","version":"16","versionType":"rpm"},{"lessThan":"15.16","status":"affected","version":"15","versionType":"rpm"},{"lessThan":"14.21","status":"affected","version":"0","versionType":"rpm"}]}],"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-1287","type":"CWE","description":"Improper Validation of Specified Type of Input"}]}],"references":[{"url":"https://www.postgresql.org/support/security/CVE-2026-2004/"}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH"}}],"configurations":[{"lang":"en","value":"Attacker has permission to install a vulnerable extension, e.g. intarray.  Alternatively, a vulnerable extension is already installed, and the attacker has permission to create objects (temporary objects or non-temporary objects in at least one schema)."}],"credits":[{"lang":"en","value":"The PostgreSQL project thanks Daniel Firer, as part of zeroday.cloud, for reporting this problem."}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2026-2004","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2026-02-13T04:56:33.418080Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T14:44:21.641Z"}}]}}