Critical severity9.8GHSA Advisory· Published May 8, 2026· Updated May 21, 2026
CVE-2026-41889
CVE-2026-41889
Description
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, that string literal contains text that would be would be interpreted as a placeholder outside of a string literal, and the value of that placeholder is controllable by the attacker. This issue has been patched in version 5.9.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/jackc/pgx/v5Go | < 5.9.2 | 5.9.2 |
github.com/jackc/pgx/v4Go | <= 4.18.3 | — |
github.com/jackc/pgxGo | <= 3.6.2 | — |
Affected products
275- osv-coords273 versionspkg:apk/chainguard/amasspkg:apk/chainguard/argo-workflow-controller-3.7pkg:apk/chainguard/argo-workflow-controller-4.0pkg:apk/chainguard/argo-workflow-controller-fips-3.7pkg:apk/chainguard/argo-workflow-executor-3.7pkg:apk/chainguard/argo-workflow-executor-4.0pkg:apk/chainguard/argo-workflows-3.7pkg:apk/chainguard/argo-workflows-4.0pkg:apk/chainguard/argo-workflows-fips-3.7pkg:apk/chainguard/authentik-2025.12-go-serverpkg:apk/chainguard/authentik-2026.2-go-serverpkg:apk/chainguard/authentik-fips-2025.12-go-serverpkg:apk/chainguard/authentik-fips-2026.2-go-serverpkg:apk/chainguard/azure-service-operatorpkg:apk/chainguard/azure-service-operator-fipspkg:apk/chainguard/bentopkg:apk/chainguard/bento-fipspkg:apk/chainguard/caddypkg:apk/chainguard/caddy-fipspkg:apk/chainguard/cerbospkg:apk/chainguard/certificate-transparency-fips-trillian-ctserverpkg:apk/chainguard/certificate-transparency-trillian-ctserverpkg:apk/chainguard/chainloop-control-planepkg:apk/chainguard/chainloop-control-plane-fipspkg:apk/chainguard/cloudnative-pgpkg:apk/chainguard/cloudnative-pg-fipspkg:apk/chainguard/cloudnative-pg-fips-pluginspkg:apk/chainguard/cloudnative-pg-pluginspkg:apk/chainguard/cloudproberpkg:apk/chainguard/cloudprober-fipspkg:apk/chainguard/commercial-chainloop-backendpkg:apk/chainguard/dapr-daprd-1.14pkg:apk/chainguard/dapr-daprd-1.15pkg:apk/chainguard/dapr-daprd-1.16pkg:apk/chainguard/dapr-daprd-1.17pkg:apk/chainguard/dapr-daprd-fips-1.14pkg:apk/chainguard/dapr-daprd-fips-1.15pkg:apk/chainguard/dapr-daprd-fips-1.16pkg:apk/chainguard/dapr-daprd-fips-1.17pkg:apk/chainguard/envoy-gateway-egctlpkg:apk/chainguard/envoy-gateway-fips-egctlpkg:apk/chainguard/falcosidekickpkg:apk/chainguard/falcosidekick-fipspkg:apk/chainguard/ferretdbpkg:apk/chainguard/flytepkg:apk/chainguard/gitaly-18.10pkg:apk/chainguard/gitaly-18.11pkg:apk/chainguard/gitaly-18.9pkg:apk/chainguard/gitaly-fips-18.10pkg:apk/chainguard/gitaly-fips-18.11pkg:apk/chainguard/gitaly-fips-18.9pkg:apk/chainguard/gitlab-container-registry-18.10pkg:apk/chainguard/gitlab-container-registry-18.11pkg:apk/chainguard/gitlab-container-registry-18.9pkg:apk/chainguard/gitlab-container-registry-fips-18.10pkg:apk/chainguard/gitlab-container-registry-fips-18.11pkg:apk/chainguard/gitlab-container-registry-fips-18.9pkg:apk/chainguard/gitlab-kas-18.11pkg:apk/chainguard/gitlab-kas-fips-18.11pkg:apk/chainguard/gitnesspkg:apk/chainguard/goosepkg:apk/chainguard/goose-fipspkg:apk/chainguard/gotruepkg:apk/chainguard/gotrue-fipspkg:apk/chainguard/grafana-11.6pkg:apk/chainguard/grafana-12.2pkg:apk/chainguard/grafana-12.3pkg:apk/chainguard/grafana-12.4pkg:apk/chainguard/grafana-13.0pkg:apk/chainguard/grafana-alloypkg:apk/chainguard/grafana-alloy-fipspkg:apk/chainguard/grafana-fips-11.6pkg:apk/chainguard/grafana-fips-12.2pkg:apk/chainguard/grafana-fips-12.3pkg:apk/chainguard/grafana-fips-12.4pkg:apk/chainguard/grafana-fips-13.0pkg:apk/chainguard/hydrapkg:apk/chainguard/hydra-fipspkg:apk/chainguard/jitsucom-bulker-bulkerpkg:apk/chainguard/jitsucom-bulker-sidecarpkg:apk/chainguard/jitsucom-bulker-syncctlpkg:apk/chainguard/juicefs-1.2pkg:apk/chainguard/juicefs-1.3pkg:apk/chainguard/k3spkg:apk/chainguard/k3s-1.31pkg:apk/chainguard/k3s-1.32pkg:apk/chainguard/k3s-1.33pkg:apk/chainguard/k3s-1.34pkg:apk/chainguard/k3s-1.35pkg:apk/chainguard/k3s-staticpkg:apk/chainguard/k3s-static-1.31pkg:apk/chainguard/k3s-static-1.32pkg:apk/chainguard/k3s-static-1.33pkg:apk/chainguard/k3s-static-1.34pkg:apk/chainguard/k3s-static-1.35pkg:apk/chainguard/keda-2.18pkg:apk/chainguard/keda-2.18-metrics-apiserverpkg:apk/chainguard/keda-2.19-metrics-apiserverpkg:apk/chainguard/keda-fips-2.18pkg:apk/chainguard/keda-fips-2.18-metrics-apiserverpkg:apk/chainguard/keda-fips-2.19pkg:apk/chainguard/keda-fips-2.19-metrics-apiserverpkg:apk/chainguard/kinepkg:apk/chainguard/kube-benchpkg:apk/chainguard/kube-bench-fipspkg:apk/chainguard/kubeflow-pipelines-apiserverpkg:apk/chainguard/kuma-cp-2.11pkg:apk/chainguard/kuma-cp-2.7pkg:apk/chainguard/kuma-cp-2.9pkg:apk/chainguard/kumactl-2.11pkg:apk/chainguard/kumactl-2.12pkg:apk/chainguard/kumactl-2.13pkg:apk/chainguard/kumactl-2.7pkg:apk/chainguard/kumactl-2.9pkg:apk/chainguard/kuma-dp-2.11pkg:apk/chainguard/kuma-dp-2.13pkg:apk/chainguard/kuma-dp-2.7pkg:apk/chainguard/kuma-dp-2.9pkg:apk/chainguard/ldap2pgpkg:apk/chainguard/openbaopkg:apk/chainguard/openbao-fipspkg:apk/chainguard/openfgapkg:apk/chainguard/openfga-fipspkg:apk/chainguard/opentelemetry-collector-contribpkg:apk/chainguard/opentelemetry-collector-contrib-fipspkg:apk/chainguard/ory-kratospkg:apk/chainguard/ory-kratos-fipspkg:apk/chainguard/peerdb-flowpkg:apk/chainguard/pg_timetablepkg:apk/chainguard/pg_timetable-fipspkg:apk/chainguard/pgwatchpkg:apk/chainguard/rke2-cloud-providerpkg:apk/chainguard/rke2-cloud-provider-fipspkg:apk/chainguard/rke2-runtime-1.33pkg:apk/chainguard/rke2-runtime-1.34pkg:apk/chainguard/rke2-runtime-1.35pkg:apk/chainguard/rke2-runtime-fips-1.33pkg:apk/chainguard/rke2-runtime-fips-1.34pkg:apk/chainguard/rke2-runtime-fips-1.35pkg:apk/chainguard/seaweedfspkg:apk/chainguard/seaweedfs-fipspkg:apk/chainguard/seaweedfs-rocksdbpkg:apk/chainguard/seaweedfs-rocksdb-fipspkg:apk/chainguard/sftpgopkg:apk/chainguard/sftpgo-plugin-eventsearchpkg:apk/chainguard/sftpgo-plugin-eventstorepkg:apk/chainguard/spicedbpkg:apk/chainguard/spicedb-fipspkg:apk/chainguard/spire-serverpkg:apk/chainguard/spire-server-fipspkg:apk/chainguard/splunk-otel-collectorpkg:apk/chainguard/splunk-otel-collector-fipspkg:apk/chainguard/spqrpkg:apk/chainguard/sql_exporterpkg:apk/chainguard/sql_exporter-fipspkg:apk/chainguard/srcpkg:apk/chainguard/steampipepkg:apk/chainguard/steppkg:apk/chainguard/step-capkg:apk/chainguard/step-ca-fipspkg:apk/chainguard/step-fipspkg:apk/chainguard/step-issuerpkg:apk/chainguard/step-issuer-fipspkg:apk/chainguard/telegraf-1.38pkg:apk/chainguard/teleport-17pkg:apk/chainguard/teleport-18pkg:apk/chainguard/temporalpkg:apk/chainguard/temporal-fipspkg:apk/chainguard/temporal-serverpkg:apk/chainguard/temporal-sql-toolpkg:apk/chainguard/temporal-sql-tool-fipspkg:apk/chainguard/timescaledb-parallel-copypkg:apk/chainguard/vault-2.0pkg:apk/chainguard/vault-fips-1.21pkg:apk/chainguard/vault-fips-2.0pkg:apk/chainguard/wal-g-pgpkg:apk/chainguard/zitadel-3pkg:apk/chainguard/zitadel-4pkg:apk/wolfi/amasspkg:apk/wolfi/argo-workflow-controller-3.7pkg:apk/wolfi/argo-workflow-controller-4.0pkg:apk/wolfi/argo-workflow-executor-3.7pkg:apk/wolfi/argo-workflow-executor-4.0pkg:apk/wolfi/argo-workflows-3.7pkg:apk/wolfi/argo-workflows-4.0pkg:apk/wolfi/azure-service-operatorpkg:apk/wolfi/bentopkg:apk/wolfi/caddypkg:apk/wolfi/cerbospkg:apk/wolfi/certificate-transparency-trillian-ctserverpkg:apk/wolfi/cloudnative-pgpkg:apk/wolfi/cloudnative-pg-pluginspkg:apk/wolfi/cloudproberpkg:apk/wolfi/dapr-daprd-1.15pkg:apk/wolfi/dapr-daprd-1.16pkg:apk/wolfi/dapr-daprd-1.17pkg:apk/wolfi/envoy-gateway-egctlpkg:apk/wolfi/falcosidekickpkg:apk/wolfi/ferretdbpkg:apk/wolfi/flytepkg:apk/wolfi/gitaly-18.10pkg:apk/wolfi/gitaly-18.11pkg:apk/wolfi/gitaly-18.9pkg:apk/wolfi/gitlab-kas-18.11pkg:apk/wolfi/gitnesspkg:apk/wolfi/grafana-11.6pkg:apk/wolfi/grafana-12.2pkg:apk/wolfi/grafana-12.3pkg:apk/wolfi/grafana-12.4pkg:apk/wolfi/grafana-13.0pkg:apk/wolfi/grafana-alloypkg:apk/wolfi/hydrapkg:apk/wolfi/jitsucom-bulker-bulkerpkg:apk/wolfi/jitsucom-bulker-sidecarpkg:apk/wolfi/jitsucom-bulker-syncctlpkg:apk/wolfi/juicefs-1.3pkg:apk/wolfi/k3spkg:apk/wolfi/k3s-1.32pkg:apk/wolfi/k3s-1.33pkg:apk/wolfi/k3s-1.34pkg:apk/wolfi/k3s-1.35pkg:apk/wolfi/k3s-staticpkg:apk/wolfi/k3s-static-1.32pkg:apk/wolfi/k3s-static-1.33pkg:apk/wolfi/k3s-static-1.34pkg:apk/wolfi/k3s-static-1.35pkg:apk/wolfi/keda-2.18pkg:apk/wolfi/keda-2.18-metrics-apiserverpkg:apk/wolfi/keda-2.19-metrics-apiserverpkg:apk/wolfi/kinepkg:apk/wolfi/kube-benchpkg:apk/wolfi/kubeflow-pipelines-apiserverpkg:apk/wolfi/kuma-cp-2.11pkg:apk/wolfi/kuma-cp-2.9pkg:apk/wolfi/kumactl-2.11pkg:apk/wolfi/kumactl-2.12pkg:apk/wolfi/kumactl-2.13pkg:apk/wolfi/kumactl-2.9pkg:apk/wolfi/kuma-dp-2.11pkg:apk/wolfi/kuma-dp-2.13pkg:apk/wolfi/kuma-dp-2.9pkg:apk/wolfi/openbaopkg:apk/wolfi/openfgapkg:apk/wolfi/opentelemetry-collector-contribpkg:apk/wolfi/pg_timetablepkg:apk/wolfi/rke2-cloud-providerpkg:apk/wolfi/seaweedfspkg:apk/wolfi/sftpgopkg:apk/wolfi/sftpgo-plugin-eventsearchpkg:apk/wolfi/sftpgo-plugin-eventstorepkg:apk/wolfi/spicedbpkg:apk/wolfi/spire-serverpkg:apk/wolfi/splunk-otel-collectorpkg:apk/wolfi/spqrpkg:apk/wolfi/sql_exporterpkg:apk/wolfi/srcpkg:apk/wolfi/steampipepkg:apk/wolfi/steppkg:apk/wolfi/step-capkg:apk/wolfi/step-issuerpkg:apk/wolfi/telegraf-1.38pkg:apk/wolfi/teleport-17pkg:apk/wolfi/teleport-18pkg:apk/wolfi/temporalpkg:apk/wolfi/temporal-serverpkg:apk/wolfi/temporal-sql-toolpkg:apk/wolfi/timescaledb-parallel-copypkg:apk/wolfi/wal-g-pgpkg:golang/github.com/jackc/pgxpkg:golang/github.com/jackc/pgx/v4pkg:golang/github.com/jackc/pgx/v5pkg:rpm/opensuse/alloy&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/steampipe&distro=openSUSE%20Tumbleweed
< 5.1.1-r1+ 272 more
- (no CPE)range: < 5.1.1-r1
- (no CPE)range: < 3.7.14-r0
- (no CPE)range: < 4.0.5-r0
- (no CPE)range: < 3.7.14-r0
- (no CPE)range: < 3.7.14-r0
- (no CPE)range: < 4.0.5-r0
- (no CPE)range: < 3.7.14-r0
- (no CPE)range: < 4.0.5-r0
- (no CPE)range: < 3.7.14-r0
- (no CPE)range: < 2025.12.4-r6
- (no CPE)range: < 2026.2.1-r6
- (no CPE)range: < 2025.12.4-r5
- (no CPE)range: < 2026.2.1-r5
- (no CPE)range: < 2.18.0-r7
- (no CPE)range: < 2.18.0-r6
- (no CPE)range: < 1.17.0-r2
- (no CPE)range: < 1.17.0-r2
- (no CPE)range: < 2.11.2-r13
- (no CPE)range: < 2.11.2-r9
- (no CPE)range: < 0.51.0-r19
- (no CPE)range: < 1.3.3-r7
- (no CPE)range: < 1.3.3-r7
- (no CPE)range: < 1.95.0-r0
- (no CPE)range: < 1.94.1-r1
- (no CPE)range: < 1.29.0-r5
- (no CPE)range: < 1.29.0-r4
- (no CPE)range: < 1.29.0-r4
- (no CPE)range: < 1.29.0-r5
- (no CPE)range: < 0.14.2-r9
- (no CPE)range: < 0.14.2-r7
- (no CPE)range: < 1.72.2-r0
- (no CPE)range: < 1.14.5-r21
- (no CPE)range: < 1.15.14-r3
- (no CPE)range: < 1.16.14-r1
- (no CPE)range: < 1.17.5-r1
- (no CPE)range: < 1.14.5-r20
- (no CPE)range: < 1.15.14-r2
- (no CPE)range: < 1.16.14-r1
- (no CPE)range: < 1.17.5-r1
- (no CPE)range: < 1.7.2-r7
- (no CPE)range: < 1.7.2-r4
- (no CPE)range: < 2.33.0-r5
- (no CPE)range: < 2.33.0-r4
- (no CPE)range: < 2.7.0-r15
- (no CPE)range: < 1.16.6-r0
- (no CPE)range: < 18.10.4-r3
- (no CPE)range: < 18.11.2-r2
- (no CPE)range: < 18.9.6-r3
- (no CPE)range: < 18.10.4-r1
- (no CPE)range: < 18.11.2-r3
- (no CPE)range: < 18.9.6-r1
- (no CPE)range: < 18.10.5-r1
- (no CPE)range: < 18.11.2-r1
- (no CPE)range: < 18.9.6-r1
- (no CPE)range: < 18.10.5-r1
- (no CPE)range: < 18.11.2-r1
- (no CPE)range: < 18.9.6-r1
- (no CPE)range: < 18.11.3-r1
- (no CPE)range: < 18.11.2-r2
- (no CPE)range: < 3.3.0-r14
- (no CPE)range: < 3.27.0-r6
- (no CPE)range: < 3.27.0-r6
- (no CPE)range: < 2.191.0-r2
- (no CPE)range: < 2.191.0-r2
- (no CPE)range: < 11.6.14.01-r10
- (no CPE)range: < 12.2.8.01-r9
- (no CPE)range: < 12.3.6.01-r3
- (no CPE)range: < 12.4.2-r10
- (no CPE)range: < 13.0.1-r2
- (no CPE)range: < 1.17.0-r0
- (no CPE)range: < 1.17.0-r0
- (no CPE)range: < 11.6.14.01-r4
- (no CPE)range: < 12.2.8.01-r4
- (no CPE)range: < 12.3.6.01-r3
- (no CPE)range: < 12.4.2-r9
- (no CPE)range: < 13.0.1-r2
- (no CPE)range: < 26.2.0-r4
- (no CPE)range: < 26.2.0-r4
- (no CPE)range: < 2.11.913-r24
- (no CPE)range: < 2.11.913-r24
- (no CPE)range: < 2.11.913-r24
- (no CPE)range: < 1.2.5-r10
- (no CPE)range: < 1.3.1-r13
- (no CPE)range: < 1.35.3.1-r6
- (no CPE)range: < 1.31.6.1-r24
- (no CPE)range: < 1.32.13.1-r14
- (no CPE)range: < 1.33.10.1-r9
- (no CPE)range: < 1.34.8.1-r0
- (no CPE)range: < 1.35.3.1-r9
- (no CPE)range: < 1.35.3.1-r6
- (no CPE)range: < 1.31.6.1-r24
- (no CPE)range: < 1.32.13.1-r14
- (no CPE)range: < 1.33.10.1-r9
- (no CPE)range: < 1.34.8.1-r0
- (no CPE)range: < 1.35.3.1-r9
- (no CPE)range: < 2.18.3-r10
- (no CPE)range: < 2.18.3-r10
- (no CPE)range: < 2.19.0-r12
- (no CPE)range: < 2.18.3-r7
- (no CPE)range: < 2.18.3-r7
- (no CPE)range: < 2.19.0-r6
- (no CPE)range: < 2.19.0-r6
- (no CPE)range: < 0.14.16-r3
- (no CPE)range: < 0.15.0-r8
- (no CPE)range: < 0.15.0-r6
- (no CPE)range: < 2.16.0-r17
- (no CPE)range: < 2.11.7-r12
- (no CPE)range: < 2.7.19-r12
- (no CPE)range: < 2.9.15-r0
- (no CPE)range: < 2.11.7-r12
- (no CPE)range: < 2.12.3-r13
- (no CPE)range: < 2.13.4-r3
- (no CPE)range: < 2.7.19-r12
- (no CPE)range: < 2.9.15-r0
- (no CPE)range: < 2.11.7-r12
- (no CPE)range: < 2.13.4-r3
- (no CPE)range: < 2.7.19-r12
- (no CPE)range: < 2.9.15-r0
- (no CPE)range: < 6.5.1-r1
- (no CPE)range: < 2.5.3-r0
- (no CPE)range: < 2.5.3-r0
- (no CPE)range: < 1.14.2-r1
- (no CPE)range: < 1.14.2-r1
- (no CPE)range: < 0.151.0-r0
- (no CPE)range: < 0.151.0-r0
- (no CPE)range: < 26.2.0-r5
- (no CPE)range: < 26.2.0-r5
- (no CPE)range: < 0.36.18-r1
- (no CPE)range: < 6.3.0-r2
- (no CPE)range: < 6.2.0-r8
- (no CPE)range: < 5.1.0-r4
- (no CPE)range: < 1.35.1-r7
- (no CPE)range: < 1.34.2-r12
- (no CPE)range: < 1.33.11.2.1-r1
- (no CPE)range: < 1.34.7.2.1-r1
- (no CPE)range: < 1.35.3.2.3-r3
- (no CPE)range: < 1.33.10.2.3-r2
- (no CPE)range: < 1.34.8.2.1-r0
- (no CPE)range: < 1.35.5.2.1-r0
- (no CPE)range: < 4.22-r0
- (no CPE)range: < 4.22-r0
- (no CPE)range: < 4.30-r0
- (no CPE)range: < 4.30-r0
- (no CPE)range: < 2.7.1-r9
- (no CPE)range: < 1.0.22-r7
- (no CPE)range: < 1.0.23-r4
- (no CPE)range: < 1.51.1-r1
- (no CPE)range: < 1.51.1-r1
- (no CPE)range: < 1.14.5-r4
- (no CPE)range: < 1.14.5-r3
- (no CPE)range: < 0.154.0-r1
- (no CPE)range: < 0.154.0-r1
- (no CPE)range: < 2.9.9-r0
- (no CPE)range: < 0.22.3-r1
- (no CPE)range: < 0.22.3-r1
- (no CPE)range: < 7.1.0-r1
- (no CPE)range: < 2.4.1-r4
- (no CPE)range: < 0.30.2-r4
- (no CPE)range: < 0.30.2-r5
- (no CPE)range: < 0.30.2-r5
- (no CPE)range: < 0.30.2-r4
- (no CPE)range: < 0.10.2-r7
- (no CPE)range: < 0.10.2-r3
- (no CPE)range: < 1.38.3-r2
- (no CPE)range: < 17.7.23-r0
- (no CPE)range: < 18.7.6-r0
- (no CPE)range: < 1.7.0-r0
- (no CPE)range: < 1.6.2-r7
- (no CPE)range: < 1.31.0-r0
- (no CPE)range: < 1.31.0-r0
- (no CPE)range: < 1.30.4-r1
- (no CPE)range: < 0.12.0-r10
- (no CPE)range: < 2.0.0-r4
- (no CPE)range: < 1.21.4-r7
- (no CPE)range: < 2.0.0-r4
- (no CPE)range: < 3.0.8-r13
- (no CPE)range: < 3.4.9-r7
- (no CPE)range: < 4.14.0-r0
- (no CPE)range: < 5.1.1-r1
- (no CPE)range: < 3.7.14-r0
- (no CPE)range: < 4.0.5-r0
- (no CPE)range: < 3.7.14-r0
- (no CPE)range: < 4.0.5-r0
- (no CPE)range: < 3.7.14-r0
- (no CPE)range: < 4.0.5-r0
- (no CPE)range: < 2.18.0-r7
- (no CPE)range: < 1.17.0-r2
- (no CPE)range: < 2.11.2-r13
- (no CPE)range: < 0.51.0-r19
- (no CPE)range: < 1.3.3-r7
- (no CPE)range: < 1.29.0-r5
- (no CPE)range: < 1.29.0-r5
- (no CPE)range: < 0.14.2-r9
- (no CPE)range: < 1.15.14-r3
- (no CPE)range: < 1.16.14-r1
- (no CPE)range: < 1.17.5-r1
- (no CPE)range: < 1.7.2-r7
- (no CPE)range: < 2.33.0-r5
- (no CPE)range: < 2.7.0-r15
- (no CPE)range: < 1.16.6-r0
- (no CPE)range: < 18.10.4-r3
- (no CPE)range: < 18.11.2-r2
- (no CPE)range: < 18.9.6-r3
- (no CPE)range: < 18.11.3-r1
- (no CPE)range: < 3.3.0-r14
- (no CPE)range: < 11.6.14.01-r10
- (no CPE)range: < 12.2.8.01-r9
- (no CPE)range: < 12.3.6.01-r3
- (no CPE)range: < 12.4.2-r10
- (no CPE)range: < 13.0.1-r2
- (no CPE)range: < 1.17.0-r0
- (no CPE)range: < 26.2.0-r4
- (no CPE)range: < 2.11.913-r24
- (no CPE)range: < 2.11.913-r24
- (no CPE)range: < 2.11.913-r24
- (no CPE)range: < 1.3.1-r13
- (no CPE)range: < 1.35.3.1-r6
- (no CPE)range: < 1.32.13.1-r14
- (no CPE)range: < 1.33.10.1-r9
- (no CPE)range: < 1.34.8.1-r0
- (no CPE)range: < 1.35.3.1-r9
- (no CPE)range: < 1.35.3.1-r6
- (no CPE)range: < 1.32.13.1-r14
- (no CPE)range: < 1.33.10.1-r9
- (no CPE)range: < 1.34.8.1-r0
- (no CPE)range: < 1.35.3.1-r9
- (no CPE)range: < 2.18.3-r10
- (no CPE)range: < 2.18.3-r10
- (no CPE)range: < 2.19.0-r12
- (no CPE)range: < 0.14.16-r3
- (no CPE)range: < 0.15.0-r8
- (no CPE)range: < 2.16.0-r17
- (no CPE)range: < 2.11.7-r12
- (no CPE)range: < 2.9.15-r0
- (no CPE)range: < 2.11.7-r12
- (no CPE)range: < 2.12.3-r13
- (no CPE)range: < 2.13.4-r3
- (no CPE)range: < 2.9.15-r0
- (no CPE)range: < 2.11.7-r12
- (no CPE)range: < 2.13.4-r3
- (no CPE)range: < 2.9.15-r0
- (no CPE)range: < 2.5.3-r0
- (no CPE)range: < 1.14.2-r1
- (no CPE)range: < 0.151.0-r0
- (no CPE)range: < 6.3.0-r2
- (no CPE)range: < 1.35.1-r7
- (no CPE)range: < 4.22-r0
- (no CPE)range: < 2.7.1-r9
- (no CPE)range: < 1.0.22-r7
- (no CPE)range: < 1.0.23-r4
- (no CPE)range: < 1.51.1-r1
- (no CPE)range: < 1.14.5-r4
- (no CPE)range: < 0.154.0-r1
- (no CPE)range: < 2.9.9-r0
- (no CPE)range: < 0.22.3-r1
- (no CPE)range: < 7.1.0-r1
- (no CPE)range: < 2.4.1-r4
- (no CPE)range: < 0.30.2-r4
- (no CPE)range: < 0.30.2-r5
- (no CPE)range: < 0.10.2-r7
- (no CPE)range: < 1.38.3-r2
- (no CPE)range: < 17.7.23-r0
- (no CPE)range: < 18.7.6-r0
- (no CPE)range: < 1.7.0-r0
- (no CPE)range: < 1.31.0-r0
- (no CPE)range: < 1.31.0-r0
- (no CPE)range: < 0.12.0-r10
- (no CPE)range: < 3.0.8-r13
- (no CPE)range: <= 3.6.2
- (no CPE)range: <= 4.18.3
- (no CPE)range: < 5.9.2
- (no CPE)range: < 1.16.1-2.1
- (no CPE)range: < 2.4.4-1.1
Patches
Vulnerability mechanics
References
5- github.com/jackc/pgx/commit/60644f84918a8af66d14a4b0d865d4edafd955danvdPatchWEB
- github.com/advisories/GHSA-j88v-2chj-qfwxghsaADVISORY
- github.com/jackc/pgx/security/advisories/GHSA-j88v-2chj-qfwxnvdMitigationVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-41889ghsaADVISORY
- github.com/jackc/pgx/releases/tag/v5.9.2nvdRelease NotesWEB
News mentions
1- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026