pgvector Buffer Overflow Vulnerability in HNSW Index Build Allowing Data Leakage or Server Crash

Vulnerability

A buffer overflow has been identified in pgvector versions 0.6.0 through 0.8.1. It stems from an integer wraparound in the arithmetic used during the parallel construction of HNSW indexes: a wrapped value lets the build touch memory outside the buffer it was given. A database user who can create or reindex an HNSW index, and whose build runs with parallel workers, could use this to read sensitive data belonging to other relations or to crash the database server.

Impact

Exploitation yields an out-of-bounds memory access. An out-of-bounds read can expose memory holding data from other relations to a user who has no privilege on those relations; an out-of-bounds write can crash the server process. In PostgreSQL a crash of one backend makes the postmaster reinitialize shared memory and terminate every other session, so the crash outcome is a denial of service for the whole cluster, not only for the attacker's own connection.
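The advisory names the bug class (an integer wraparound that undersizes a buffer during a parallel build) without reproducing pgvector's code. The block below is an added illustration of that class, written for this page; it is not pgvector's code, and the function names, the element count and the element size are constructed for the example. It shows the vulnerable pattern (a size computed in 32-bit arithmetic that wraps, so the region allocated is far smaller than the build needs) beside the hardened pattern (64-bit arithmetic with an explicit overflow check that refuses the allocation instead of shrinking it), and checks for a given element index whether the access lands inside or outside the region. An access that lands outside is what produces the leak (read) or the crash (write) described above; the example only computes the bound, it never performs the bad access.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Vulnerable pattern: the region size is computed in 32-bit arithmetic.
 * Once nelems * elemsize exceeds 4 GiB the product wraps modulo 2^32 and
 * the region that gets allocated is far smaller than the build needs. */
uint32_t naive_region_size(uint32_t nelems, uint32_t elemsize)
{
    return nelems * elemsize;          /* unsigned wraparound, no error raised */
}

/* Hardened pattern: compute in 64 bits and refuse the allocation outright
 * if the product does not fit. Returns 0 to signal "do not allocate". */
uint64_t checked_region_size(uint64_t nelems, uint64_t elemsize)
{
    if (nelems == 0 || elemsize == 0)
        return 0;
    if (nelems > UINT64_MAX / elemsize)
        return 0;                      /* would wrap: reject instead of shrinking */
    return nelems * elemsize;
}

/* True if element idx, laid out at idx * elemsize, ends past a region of
 * region_size bytes. The offset is computed in 64 bits, as the code that
 * later reads or writes the element would compute it. */
bool element_escapes(uint64_t region_size, uint64_t idx, uint64_t elemsize)
{
    if (elemsize != 0 && idx > UINT64_MAX / elemsize)
        return true;                   /* the offset itself would overflow */
    uint64_t off = idx * elemsize;
    return off > region_size || elemsize > region_size - off;
}

/* Vulnerable build: size the region naively, then touch element idx. */
bool naive_build_escapes(uint32_t nelems, uint32_t elemsize, uint64_t idx)
{
    uint32_t region = naive_region_size(nelems, elemsize);
    return element_escapes(region, idx, elemsize);
}

/* Hardened build: stop when the size check fails; otherwise every element
 * with idx < nelems is in bounds. */
bool hardened_build_ok(uint64_t nelems, uint64_t elemsize, uint64_t idx)
{
    uint64_t region = checked_region_size(nelems, elemsize);
    if (region == 0)
        return false;                  /* caller must raise an error, not proceed */
    return idx < nelems && !element_escapes(region, idx, elemsize);
}

int main(void)
{
    /* Constructed numbers: 2.2 million elements of 2 KiB each, about 4.5 GB,
     * enough to wrap a 32-bit size. Element 100 still lands inside the wrapped
     * region; element 1,000,000 lands roughly 1.8 GB past its end. */
    const uint32_t nelems = 2200000u, elemsize = 2048u;

    printf("naive region size: %" PRIu32 " bytes (true need: %" PRIu64 ")\n",
           naive_region_size(nelems, elemsize), (uint64_t)nelems * elemsize);
    printf("element 100 escapes naive region: %s\n",
           naive_build_escapes(nelems, elemsize, 100) ? "yes" : "no");
    printf("element 1000000 escapes naive region: %s\n",
           naive_build_escapes(nelems, elemsize, 1000000) ? "yes" : "no");
    printf("hardened build accepts element 1000000: %s\n",
           hardened_build_ok(nelems, elemsize, 1000000) ? "yes" : "no");
    printf("hardened build rejects an overflowing size: %s\n",
           hardened_build_ok(UINT64_MAX, 2, 0) ? "no" : "yes");
    return 0;
}
```

The point of the shape of the hardened version is that the size check and the later offset arithmetic use the same width: a region sized in 32 bits but indexed in 64 bits is exactly the mismatch that lets early elements succeed and later ones walk off the end, which is why such a build can run for a while before leaking or crashing.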

Remediation

Users running an affected version should upgrade to pgvector 0.8.2 or later. The fix is in the extension's shared library, so the new package must be installed on every server that hosts pgvector; then, following pgvector's own upgrade procedure, run ALTER EXTENSION vector UPDATE in each database that has the extension, so that the extversion column of pg_extension (extname 'vector') reports 0.8.2 rather than the old version. Check that catalog value per database rather than only the installed package, since the two can diverge. Reducing parallel-worker settings is not a substitute for upgrading: max_parallel_maintenance_workers can be set per session by any user, so it does not deny a malicious user a parallel build.

Added: Feb 26, 2026, 6:13 AM
Updated: Feb 26, 2026, 6:13 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.6
remediation: 0.0
relevance: 3.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.