Description

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Remediation

References

CVE-2026-2004

Related Vulnerabilities

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2024-39573)

WordPress Plugin Ultimate SMS Notifications for WooCommerce CSV Injection (1.4.1)

OpenSSL Resource Management Errors Vulnerability (CVE-2016-0798)

WordPress Plugin Events Calendar 'ec_management.class.php' Cross-Site Scripting (6.7.11)

WordPress Plugin Fungif The Awesome GIFs Cross-Site Scripting (2.0)

Severity

High

Classification

CVE-2026-2004 CWE-1287 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities