Primary

Context

PostgreSQL intarray Extension Arbitrary Code Execution Vulnerability

Vulnerability

Patched

A vulnerability in the PostgreSQL intarray extension's selectivity estimator function allows object creators to execute arbitrary code as the operating system user running the database. This issue arises from missing validation of input types. Affected versions include those prior to PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the server, executed as the operating system user running the PostgreSQL database.

Remediation

Users can upgrade to PostgreSQL versions 18.2, 17.8, 16.12, 15.16, or 14.21 to address this vulnerability.

Added: Feb 12, 2026, 3:16 PM

Updated: Feb 12, 2026, 3:16 PM

Vulnerability Rating

Custom Algorithm

spread

8.1

impact

10.0

exploitability

4.5

remediation

7.7

relevance

2.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.1

impact

10.0

exploitability

4.5

remediation

7.7

relevance

2.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PostgreSQL intarray Extension Arbitrary Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

PostgreSQL intarray

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating