PostgreSQL database may execute malicious code

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

PostgreSQL database may execute malicious code

ALSA-2026:3730

Summary

If exploited, this vulnerability could allow attackers to execute unauthorized code on your system, potentially leading to data theft or other security breaches. This affects PostgreSQL, a popular database software used by many businesses. Update your PostgreSQL installation as soon as possible to prevent potential attacks.

What to do

Update almalinux postgresql-plperl to version 13.23-2.el9_7.
Update almalinux postgresql to version 13.23-2.el9_7.
Update almalinux postgresql-contrib to version 13.23-2.el9_7.
Update almalinux postgresql-docs to version 13.23-2.el9_7.
Update almalinux postgresql-plpython3 to version 13.23-2.el9_7.
Update almalinux postgresql-pltcl to version 13.23-2.el9_7.
Update almalinux postgresql-private-devel to version 13.23-2.el9_7.
Update almalinux postgresql-private-libs to version 13.23-2.el9_7.
Update almalinux postgresql-server to version 13.23-2.el9_7.
Update almalinux postgresql-server-devel to version 13.23-2.el9_7.
Update almalinux postgresql-static to version 13.23-2.el9_7.
Update almalinux postgresql-test to version 13.23-2.el9_7.
Update almalinux postgresql-test-rpm-macros to version 13.23-2.el9_7.
Update almalinux postgresql-upgrade to version 13.23-2.el9_7.
Update almalinux postgresql-upgrade-devel to version 13.23-2.el9_7.

Affected software

Vendor	Product	Affected versions	Fix available
almalinux	postgresql-plperl	<= 13.23-2.el9_7	13.23-2.el9_7
almalinux	postgresql	<= 13.23-2.el9_7	13.23-2.el9_7
almalinux	postgresql-contrib	<= 13.23-2.el9_7	13.23-2.el9_7
almalinux	postgresql-docs	<= 13.23-2.el9_7	13.23-2.el9_7
almalinux	postgresql-plpython3	<= 13.23-2.el9_7	13.23-2.el9_7
almalinux	postgresql-pltcl	<= 13.23-2.el9_7	13.23-2.el9_7
almalinux	postgresql-private-devel	<= 13.23-2.el9_7	13.23-2.el9_7
almalinux	postgresql-private-libs	<= 13.23-2.el9_7	13.23-2.el9_7
almalinux	postgresql-server	<= 13.23-2.el9_7	13.23-2.el9_7
almalinux	postgresql-server-devel	<= 13.23-2.el9_7	13.23-2.el9_7
almalinux	postgresql-static	<= 13.23-2.el9_7	13.23-2.el9_7
almalinux	postgresql-test	<= 13.23-2.el9_7	13.23-2.el9_7
almalinux	postgresql-test-rpm-macros	<= 13.23-2.el9_7	13.23-2.el9_7
almalinux	postgresql-upgrade	<= 13.23-2.el9_7	13.23-2.el9_7
almalinux	postgresql-upgrade-devel	<= 13.23-2.el9_7	13.23-2.el9_7

Original title

Important: postgresql security update

Original description

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
* postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
* postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

https://access.redhat.com/errata/RHSA-2026:3730 Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-2004 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2026-2005 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2026-2006 Third Party Advisory
https://bugzilla.redhat.com/2439324 Third Party Advisory
https://bugzilla.redhat.com/2439325 Third Party Advisory
https://bugzilla.redhat.com/2439326 Third Party Advisory
https://errata.almalinux.org/9/ALSA-2026-3730.html Vendor Advisory

Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026