Unrated severityNVD Advisory· Published Feb 12, 2026· Updated Feb 26, 2026
PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
CVE-2026-2005
Description
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
137- PostgreSQL/pgcryptodescription
- Range: <18.2, <17.8, <16.12, <15.16, <14.21
- osv-coords135 versionspkg:apk/chainguard/postgresql-13pkg:apk/wolfi/postgresql-13pkg:bitnami/postgresqlpkg:rpm/almalinux/pgauditpkg:rpm/almalinux/pg_repackpkg:rpm/almalinux/pgvectorpkg:rpm/almalinux/postgispkg:rpm/almalinux/postgis-clientpkg:rpm/almalinux/postgis-docspkg:rpm/almalinux/postgis-upgradepkg:rpm/almalinux/postgis-utilspkg:rpm/almalinux/postgres-decoderbufspkg:rpm/almalinux/postgresqlpkg:rpm/almalinux/postgresql18pkg:rpm/almalinux/postgresql18-contribpkg:rpm/almalinux/postgresql18-docspkg:rpm/almalinux/postgresql18-plperlpkg:rpm/almalinux/postgresql18-plpython3pkg:rpm/almalinux/postgresql18-private-develpkg:rpm/almalinux/postgresql18-private-libspkg:rpm/almalinux/postgresql18-serverpkg:rpm/almalinux/postgresql18-server-develpkg:rpm/almalinux/postgresql18-staticpkg:rpm/almalinux/postgresql18-testpkg:rpm/almalinux/postgresql18-test-rpm-macrospkg:rpm/almalinux/postgresql18-upgradepkg:rpm/almalinux/postgresql18-upgrade-develpkg:rpm/almalinux/postgresql-contribpkg:rpm/almalinux/postgresql-docspkg:rpm/almalinux/postgresql-plperlpkg:rpm/almalinux/postgresql-plpython3pkg:rpm/almalinux/postgresql-pltclpkg:rpm/almalinux/postgresql-private-develpkg:rpm/almalinux/postgresql-private-libspkg:rpm/almalinux/postgresql-serverpkg:rpm/almalinux/postgresql-server-develpkg:rpm/almalinux/postgresql-staticpkg:rpm/almalinux/postgresql-testpkg:rpm/almalinux/postgresql-test-rpm-macrospkg:rpm/almalinux/postgresql-upgradepkg:rpm/almalinux/postgresql-upgrade-develpkg:rpm/opensuse/postgresql14&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/postgresql14&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/postgresql14&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql15&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/postgresql15&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/postgresql15&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql16&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/postgresql16&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/postgresql16&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql17&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/postgresql17&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/postgresql17&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql18&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/postgresql18&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/postgresql18&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql18-mini&distro=openSUSE%20Leap%2016.0pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP7pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP7pkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP7pkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7pkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7pkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/postgresql17&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/postgresql17&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/postgresql17&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/postgresql17&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/postgresql17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/postgresql17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7pkg:rpm/suse/postgresql17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7pkg:rpm/suse/postgresql17&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/postgresql17&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/postgresql17&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/postgresql17&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/postgresql17&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/postgresql17&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/postgresql17&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/postgresql17&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7pkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7pkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 13.23-r5+ 134 more
- (no CPE)range: < 13.23-r5
- (no CPE)range: < 13.23-r5
- (no CPE)range: < 14.21.0
- (no CPE)range: < 1.7.0-1.module_el9.3.0+52+21733919
- (no CPE)range: < 1.4.8-2.module_el9.5.0+119+18833d03
- (no CPE)range: < 0.6.2-2.module_el9.6.0+167+4e561146
- (no CPE)range: < 3.5.3-3.module_el9.7.0+187+2286ff0a
- (no CPE)range: < 3.5.3-3.module_el9.7.0+187+2286ff0a
- (no CPE)range: < 3.5.3-3.module_el9.7.0+187+2286ff0a
- (no CPE)range: < 3.5.3-3.module_el9.7.0+187+2286ff0a
- (no CPE)range: < 3.5.3-3.module_el9.7.0+187+2286ff0a
- (no CPE)range: < 1.9.7-1.Final.module_el9.3.0+52+21733919
- (no CPE)range: < 16.13-1.el10_2
- (no CPE)range: < 18.3-1.el10_2
- (no CPE)range: < 18.3-1.el10_2
- (no CPE)range: < 18.3-1.el10_2
- (no CPE)range: < 18.3-1.el10_2
- (no CPE)range: < 18.3-1.el10_2
- (no CPE)range: < 18.3-1.el10_2
- (no CPE)range: < 18.3-1.el10_2
- (no CPE)range: < 18.3-1.el10_2
- (no CPE)range: < 18.3-1.el10_2
- (no CPE)range: < 18.3-1.el10_2
- (no CPE)range: < 18.3-1.el10_2
- (no CPE)range: < 18.3-1.el10_2
- (no CPE)range: < 18.3-1.el10_2
- (no CPE)range: < 18.3-1.el10_2
- (no CPE)range: < 16.13-1.el10_2
- (no CPE)range: < 16.13-1.el10_2
- (no CPE)range: < 16.13-1.el10_2
- (no CPE)range: < 16.13-1.el10_2
- (no CPE)range: < 16.13-1.el10_2
- (no CPE)range: < 16.13-1.el10_2
- (no CPE)range: < 16.13-1.el10_2
- (no CPE)range: < 16.13-1.el10_2
- (no CPE)range: < 16.13-1.el10_2
- (no CPE)range: < 16.13-1.el10_2
- (no CPE)range: < 16.13-1.el10_2
- (no CPE)range: < 16.13-1.el10_2
- (no CPE)range: < 16.13-1.el10_2
- (no CPE)range: < 16.13-1.el10_2
- (no CPE)range: < 14.22-150600.16.28.1
- (no CPE)range: < 14.21-160000.1.1
- (no CPE)range: < 14.21-1.1
- (no CPE)range: < 15.17-150600.16.28.1
- (no CPE)range: < 15.16-160000.1.1
- (no CPE)range: < 15.16-1.1
- (no CPE)range: < 16.13-150600.16.30.1
- (no CPE)range: < 16.13-160000.1.1
- (no CPE)range: < 16.12-1.1
- (no CPE)range: < 17.9-150600.13.24.1
- (no CPE)range: < 17.9-160000.1.1
- (no CPE)range: < 17.8-1.1
- (no CPE)range: < 18.3-150600.13.8.1
- (no CPE)range: < 18.3-160000.1.1
- (no CPE)range: < 18.2-1.1
- (no CPE)range: < 18.3-160000.1.1
- (no CPE)range: < 14.22-150200.5.69.1
- (no CPE)range: < 14.22-150200.5.69.1
- (no CPE)range: < 14.22-150600.16.28.1
- (no CPE)range: < 14.22-150600.16.28.1
- (no CPE)range: < 14.21-3.66.1
- (no CPE)range: < 14.22-150200.5.69.1
- (no CPE)range: < 14.22-150200.5.69.1
- (no CPE)range: < 14.22-150600.16.28.1
- (no CPE)range: < 14.21-160000.1.1
- (no CPE)range: < 14.22-150200.5.69.1
- (no CPE)range: < 14.22-150200.5.69.1
- (no CPE)range: < 14.22-150600.16.28.1
- (no CPE)range: < 14.21-160000.1.1
- (no CPE)range: < 14.21-3.66.1
- (no CPE)range: < 15.17-150200.5.54.1
- (no CPE)range: < 15.17-150200.5.54.1
- (no CPE)range: < 15.17-150200.5.54.1
- (no CPE)range: < 15.17-150200.5.54.1
- (no CPE)range: < 15.17-150600.16.28.1
- (no CPE)range: < 15.16-3.50.1
- (no CPE)range: < 15.17-150200.5.54.1
- (no CPE)range: < 15.17-150200.5.54.1
- (no CPE)range: < 15.17-150600.16.28.1
- (no CPE)range: < 15.16-160000.1.1
- (no CPE)range: < 15.17-150200.5.54.1
- (no CPE)range: < 15.17-150200.5.54.1
- (no CPE)range: < 15.17-150600.16.28.1
- (no CPE)range: < 15.16-160000.1.1
- (no CPE)range: < 15.16-3.50.1
- (no CPE)range: < 16.12-150200.5.38.1
- (no CPE)range: < 16.12-150200.5.38.1
- (no CPE)range: < 16.12-150200.5.38.1
- (no CPE)range: < 16.12-150200.5.38.1
- (no CPE)range: < 16.13-150600.16.30.1
- (no CPE)range: < 16.13-150600.16.30.1
- (no CPE)range: < 16.13-150600.16.30.1
- (no CPE)range: < 16.12-3.38.1
- (no CPE)range: < 16.12-150200.5.38.1
- (no CPE)range: < 16.12-150200.5.38.1
- (no CPE)range: < 16.13-150600.16.30.1
- (no CPE)range: < 16.13-160000.1.1
- (no CPE)range: < 16.12-150200.5.38.1
- (no CPE)range: < 16.12-150200.5.38.1
- (no CPE)range: < 16.13-150600.16.30.1
- (no CPE)range: < 16.13-160000.1.1
- (no CPE)range: < 16.12-3.38.1
- (no CPE)range: < 17.8-150200.5.22.1
- (no CPE)range: < 17.8-150200.5.22.1
- (no CPE)range: < 17.8-150200.5.22.1
- (no CPE)range: < 17.8-150200.5.22.1
- (no CPE)range: < 17.9-150600.13.24.1
- (no CPE)range: < 17.9-150600.13.24.1
- (no CPE)range: < 17.9-150600.13.24.1
- (no CPE)range: < 17.8-150200.5.22.1
- (no CPE)range: < 17.8-150200.5.22.1
- (no CPE)range: < 17.9-150600.13.24.1
- (no CPE)range: < 17.9-160000.1.1
- (no CPE)range: < 17.8-150200.5.22.1
- (no CPE)range: < 17.8-150200.5.22.1
- (no CPE)range: < 17.9-150600.13.24.1
- (no CPE)range: < 17.9-160000.1.1
- (no CPE)range: < 18.2-150200.5.6.1
- (no CPE)range: < 18.2-150200.5.6.1
- (no CPE)range: < 18.2-150200.5.6.1
- (no CPE)range: < 18.2-150200.5.6.1
- (no CPE)range: < 18.3-150600.13.8.1
- (no CPE)range: < 18.3-150600.13.8.1
- (no CPE)range: < 18.3-150600.13.8.1
- (no CPE)range: < 18.2-8.6.1
- (no CPE)range: < 18.2-150200.5.6.1
- (no CPE)range: < 18.2-150200.5.6.1
- (no CPE)range: < 18.3-150600.13.8.1
- (no CPE)range: < 18.3-160000.1.1
- (no CPE)range: < 18.2-150200.5.6.1
- (no CPE)range: < 18.2-150200.5.6.1
- (no CPE)range: < 18.3-150600.13.8.1
- (no CPE)range: < 18.3-160000.1.1
- (no CPE)range: < 18.2-8.6.1
Patches
Vulnerability mechanics
References
1News mentions
1- ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and MoreThe Hacker News · May 11, 2026