
AI finds 20-year-old bugs in PostgreSQL and MariaDB

Patches have been released for all these flaws, with both PostgreSQL and MariaDB maintainers urging users to upgrade to fixed versions immediately.

Multiple cracks in PostgreSQL’s foundation

The more urgent of the PostgreSQL zero-day flaws is a heap-based buffer overflow issue, tracked as CVE-2026-2005, in the “pgcrypto” extension. Using specially crafted input, an attacker can trigger a size mismatch that leads to out-of-bounds writes on the heap, researchers said in a blog post.

In environments where pgcrypto processes user-controlled input, this can be leveraged to achieve remote code execution on the database server.

The flaw affected all supported versions and has been fixed in updates including v18.2, v17.8, v16.12, v15.16, and v14.21. It received a high-severity rating of CVSS 8.8 out of 10. “The vulnerable code has been present since pgcrypto was first contributed in 2005, more than 20 years ago,” the researchers added.
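The fixed releases listed above can be turned into a fleet check. The following is an added example, not code from the researchers or the PostgreSQL project. It assumes an inventory in which each record holds a server's `server_version_num` setting and the extension names from its `pg_extension` catalog; the host names and record layout are constructed.

```python
# Fixed minor release per supported major branch, as listed in the article.
FIXED_MINOR = {18: 2, 17: 8, 16: 12, 15: 16, 14: 21}

# Constructed sample inventory (hypothetical hosts).
# server_version_num is the integer form PostgreSQL reports, e.g. 160011 = 16.11.
INVENTORY = [
    {"name": "db-a", "server_version_num": "160011", "extensions": ["plpgsql", "pgcrypto"]},
    {"name": "db-b", "server_version_num": "170008", "extensions": ["plpgsql", "pgcrypto"]},
    {"name": "db-c", "server_version_num": "150015", "extensions": ["plpgsql"]},
    {"name": "db-d", "server_version_num": "130023", "extensions": ["pgcrypto"]},
]

def parse_version_num(version_num):
    """Split server_version_num (PostgreSQL 10 and later) into (major, minor)."""
    n = int(version_num)
    if n < 100000:
        raise ValueError(f"pre-10 version numbering not handled: {version_num}")
    return n // 10000, n % 10000

def triage(host):
    """Classify one inventory record against the CVE-2026-2005 fixed releases."""
    major, minor = parse_version_num(host["server_version_num"])
    has_pgcrypto = "pgcrypto" in host.get("extensions", [])
    if major not in FIXED_MINOR:
        status = "no-fix-listed"  # branch is not among the fixed releases above
    elif minor >= FIXED_MINOR[major]:
        status = "patched"
    else:
        status = "needs-update"
    # The flaw is in pgcrypto, so unpatched hosts with it installed go first.
    urgent = status != "patched" and has_pgcrypto
    return {"name": host["name"], "version": f"{major}.{minor}",
            "status": status, "pgcrypto": has_pgcrypto, "urgent": urgent}

def report(inventory):
    """Return triage results with urgent hosts first, then by name."""
    return sorted((triage(h) for h in inventory),
                  key=lambda r: (not r["urgent"], r["name"]))

if __name__ == "__main__":
    for row in report(INVENTORY):
        flag = "URGENT" if row["urgent"] else "      "
        print(f'{flag} {row["name"]:6} {row["version"]:7} {row["status"]}')
```

A host reported as `no-fix-listed` runs a branch outside the releases named in the article and needs manual review.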
