Volerion logoVolerion
Volerion logoVolerion

PostgreSQL Buffer Overrun Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A buffer overrun vulnerability has been identified in PostgreSQL text manipulation, due to missing validation of multibyte character length. This issue allows a database user to execute crafted queries that can lead to arbitrary code execution, with the code running as the operating system user associated with the database. Affected versions include those prior to PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server, with the executed code running as the operating system user that the database server process is using.

Remediation

Users can upgrade to PostgreSQL versions 18.2, 17.8, 16.12, 15.16, or 14.21 to address this vulnerability.

Added: Feb 12, 2026, 4:02 PM
Updated: Feb 12, 2026, 4:02 PM

Vulnerability Rating

Custom Algorithm
spread
8.1
impact
10.0
exploitability
4.3
remediation
7.7
relevance
3.0
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.