VYPR
Unrated severityNVD Advisory· Published Feb 12, 2026· Updated Feb 26, 2026

PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code

CVE-2026-2004

Description

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

137

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.