PostgreSQL Memory Disclosure Vulnerability via Improper oidvector Validation

Vulnerability

Inadequate validation of the 'oidvector' type in PostgreSQL allows a database user to disclose a few bytes of server memory. The disclosed memory could in theory include confidential information, but such scenarios appear unlikely. Affected versions include those prior to PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21.

Impact

Exploitation of this vulnerability results in unauthorized disclosure of server memory, which under certain conditions could expose sensitive information.

Remediation

Users can upgrade to PostgreSQL versions 18.2, 17.8, 16.12, 15.16, or 14.21 to address this vulnerability.
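
To find which servers still need the upgrade, the following added example (not part of the original advisory and not PostgreSQL project code) classifies versions reported by `SHOW server_version` or `SHOW server_version_num` against the fixed releases listed above. The host names, sample versions and function names are assumptions made for illustration; branches the advisory does not list are reported as "unlisted" rather than guessed.

```python
import re

# Fixed minor release per major branch, as listed in the advisory above.
FIXED_MINOR = {18: 2, 17: 8, 16: 12, 15: 16, 14: 21}

# Constructed sample inventory (hypothetical host names and versions).
INVENTORY = {
    "db-prod-01": "16.11 (Debian 16.11-1.pgdg120+1)",  # server_version string
    "db-prod-02": 170008,                              # server_version_num
    "db-stage-01": "18beta1",
    "db-legacy-01": "13.23",
    "db-dev-01": "14.21",
}

def parse_version(value):
    """Return (major, minor); minor is None for pre-release builds."""
    text = str(value).strip()
    if re.fullmatch(r"\d{5,6}", text):   # server_version_num (10+): major*10000 + minor
        num = int(text)
        return num // 10000, num % 10000
    m = re.match(r"(\d+)\.(\d+)", text)  # "16.11", with or without a distro suffix
    if m:
        return int(m.group(1)), int(m.group(2))
    m = re.match(r"(\d+)(?:devel|alpha|beta|rc)", text)  # "18beta1"
    if m:
        return int(m.group(1)), None
    raise ValueError(f"unrecognised PostgreSQL version: {value!r}")

def classify(value):
    """Return 'affected', 'fixed' or 'unlisted' for one reported version."""
    major, minor = parse_version(value)
    fixed = FIXED_MINOR.get(major)
    if fixed is None:
        return "unlisted"   # the advisory names no fixed release for this branch
    if minor is None or minor < fixed:
        return "affected"   # pre-releases predate the fixed minor of their branch
    return "fixed"

def triage(inventory):
    """Group host names by classification, sorted for stable output."""
    report = {"affected": [], "fixed": [], "unlisted": []}
    for host, version in sorted(inventory.items()):
        report[classify(version)].append(host)
    return report

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Hosts reported as "unlisted" run a branch for which the advisory gives no fixed release, so they need a separate review.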

Added: Feb 12, 2026, 3:09 PM
Updated: Feb 12, 2026, 3:32 PM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 0.6
exploitability: 3.5
remediation: 7.7
relevance: 3.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.