{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-2004","assignerOrgId":"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007","state":"PUBLISHED","assignerShortName":"PostgreSQL","dateReserved":"2026-02-05T18:17:54.681Z","datePublished":"2026-02-12T13:00:08.857Z","dateUpdated":"2026-06-30T12:07:04.172Z"},"containers":{"cna":{"providerMetadata":{"orgId":"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007","shortName":"PostgreSQL","dateUpdated":"2026-02-12T13:00:08.857Z"},"title":"PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code","descriptions":[{"lang":"en","value":"Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database.  Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected."}],"affected":[{"defaultStatus":"unaffected","product":"PostgreSQL","vendor":"n/a","versions":[{"lessThan":"18.2","status":"affected","version":"18","versionType":"rpm"},{"lessThan":"17.8","status":"affected","version":"17","versionType":"rpm"},{"lessThan":"16.12","status":"affected","version":"16","versionType":"rpm"},{"lessThan":"15.16","status":"affected","version":"15","versionType":"rpm"},{"lessThan":"14.21","status":"affected","version":"0","versionType":"rpm"}]}],"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-1287","type":"CWE","description":"Improper Validation of Specified Type of Input"}]}],"references":[{"url":"https://www.postgresql.org/support/security/CVE-2026-2004/"}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH"}}],"configurations":[{"lang":"en","value":"Attacker has permission to install a vulnerable extension, e.g. intarray.  Alternatively, a vulnerable extension is already installed, and the attacker has permission to create objects (temporary objects or non-temporary objects in at least one schema)."}],"credits":[{"lang":"en","value":"The PostgreSQL project thanks Daniel Firer, as part of zeroday.cloud, for reporting this problem."}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2026-2004","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2026-02-13T04:56:33.418080Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T14:44:21.641Z"}},{"affected":[{"cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_aus:8.2::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream AUS (v. 8.2)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream AUS (v.8.4)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream AUS (v.8.6)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:8.6::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream E4S (v.8.6)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_tus:8.6::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream TUS (v.8.6)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream E4S (v.8.8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_tus:8.8::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream TUS (v.8.8)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream E4S (v.9.0)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_e4s:9.2::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream E4S (v.9.2)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.4::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream EUS (v.9.4)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.6::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream EUS (v.9.6)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::appstream"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux AppStream (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10.1","cpe:/o:redhat:enterprise_linux:10.2"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.4::crb"],"defaultStatus":"affected","product":"Red Hat CodeReady Linux Builder EUS (v.9.4)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhel_eus:9.6::crb"],"defaultStatus":"affected","product":"Red Hat CodeReady Linux Builder EUS (v.9.6)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:enterprise_linux:9::crb"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:hummingbird:1"],"defaultStatus":"affected","product":"Red Hat Hardened Images","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:rhui:5::el9"],"defaultStatus":"affected","product":"Red Hat Update Infrastructure 5","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"}],"datePublic":"2026-02-12T13:00:08.857Z","descriptions":[{"lang":"en","value":"A type validation flaw has been discovered in PostgreSQL. Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1287","description":"Improper Validation of Specified Type of Input","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-2004"},{"name":"RHBZ#2439325","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2439325"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2004.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4441"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3887"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19010"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:19009"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4064"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4024"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4059"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4063"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4506"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4509"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4504"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4505"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4516"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4075"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4074"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4515"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4518"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4254"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4475"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4548"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4544"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4524"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4546"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4547"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4528"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3896"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4110"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:3730"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:8756"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:4943"}],"solutions":[{"lang":"en","value":"RHSA-2026:4441: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"},{"lang":"en","value":"RHSA-2026:3887: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"},{"lang":"en","value":"RHSA-2026:19010: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"},{"lang":"en","value":"RHSA-2026:19009: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"},{"lang":"en","value":"RHSA-2026:4064: Red Hat Enterprise Linux AppStream (v. 8)"},{"lang":"en","value":"RHSA-2026:4024: Red Hat Enterprise Linux AppStream (v. 8)"},{"lang":"en","value":"RHSA-2026:4059: Red Hat Enterprise Linux AppStream (v. 8)"},{"lang":"en","value":"RHSA-2026:4063: Red Hat Enterprise Linux AppStream (v. 8)"},{"lang":"en","value":"RHSA-2026:4506: Red Hat Enterprise Linux AppStream AUS (v. 8.2)"},{"lang":"en","value":"RHSA-2026:4509: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"},{"lang":"en","value":"RHSA-2026:4504: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"},{"lang":"en","value":"RHSA-2026:4505: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"},{"lang":"en","value":"RHSA-2026:4516: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"},{"lang":"en","value":"RHSA-2026:4075: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"},{"lang":"en","value":"RHSA-2026:4074: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"},{"lang":"en","value":"RHSA-2026:4515: Red Hat Enterprise Linux AppStream E4S (v.8.8)"},{"lang":"en","value":"RHSA-2026:4518: Red Hat Enterprise Linux AppStream E4S (v.9.0)"},{"lang":"en","value":"RHSA-2026:4254: Red Hat Enterprise Linux AppStream E4S (v.9.2)"},{"lang":"en","value":"RHSA-2026:4475: Red Hat Enterprise Linux AppStream E4S (v.9.2)"},{"lang":"en","value":"RHSA-2026:4548: Red Hat Enterprise Linux AppStream EUS (v.9.4)"},{"lang":"en","value":"RHSA-2026:4544: Red Hat Enterprise Linux AppStream EUS (v.9.4)"},{"lang":"en","value":"RHSA-2026:4524: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4)"},{"lang":"en","value":"RHSA-2026:4546: Red Hat Enterprise Linux AppStream EUS (v.9.6)"},{"lang":"en","value":"RHSA-2026:4547: Red Hat Enterprise Linux AppStream EUS (v.9.6)"},{"lang":"en","value":"RHSA-2026:4528: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"},{"lang":"en","value":"RHSA-2026:3896: Red Hat Enterprise Linux AppStream (v. 9)"},{"lang":"en","value":"RHSA-2026:4110: Red Hat Enterprise Linux AppStream (v. 9)"},{"lang":"en","value":"RHSA-2026:3730: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"},{"lang":"en","value":"RHSA-2026:8756: Red Hat Hardened Images"},{"lang":"en","value":"RHSA-2026:4943: Red Hat Update Infrastructure 5"}],"timeline":[{"lang":"en","time":"2026-02-12T14:01:31.249Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-02-12T13:00:08.857Z","value":"Made public."}],"title":"postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:07:04.172Z"}}]}}