PostgreSQL 15 Security Update Fixes Multiple Vulnerabilities

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

PostgreSQL 15 Security Update Fixes Multiple Vulnerabilities

RHSA-2026:3896

Summary

Multiple security issues were found in PostgreSQL 15. These issues could allow an attacker to execute arbitrary code or escalate privileges. Users of PostgreSQL 15 should update to the latest version to fix these security issues.

What to do

Update redhat pg_repack to version 0:1.4.8-2.module+el9.5.0+22224+f5585c78.
Update redhat pg_repack-debuginfo to version 0:1.4.8-2.module+el9.5.0+22224+f5585c78.
Update redhat pg_repack-debugsource to version 0:1.4.8-2.module+el9.5.0+22224+f5585c78.
Update redhat pgaudit to version 0:1.7.0-1.module+el9.2.0+17405+aeb9ec60.
Update redhat pgaudit-debuginfo to version 0:1.7.0-1.module+el9.2.0+17405+aeb9ec60.
Update redhat pgaudit-debugsource to version 0:1.7.0-1.module+el9.2.0+17405+aeb9ec60.
Update redhat postgres-decoderbufs to version 0:1.9.7-1.Final.module+el9.2.0+17405+aeb9ec60.
Update redhat postgres-decoderbufs-debuginfo to version 0:1.9.7-1.Final.module+el9.2.0+17405+aeb9ec60.
Update redhat postgres-decoderbufs-debugsource to version 0:1.9.7-1.Final.module+el9.2.0+17405+aeb9ec60.
Update redhat postgresql to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-contrib to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-contrib-debuginfo to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-debuginfo to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-debugsource to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-docs to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-docs-debuginfo to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-plperl to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-plperl-debuginfo to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-plpython3 to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-plpython3-debuginfo to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-pltcl to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-pltcl-debuginfo to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-private-devel to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-private-libs to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-private-libs-debuginfo to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-server to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-server-debuginfo to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-server-devel to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-server-devel-debuginfo to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-static to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-test to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-test-debuginfo to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-test-rpm-macros to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-upgrade to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-upgrade-debuginfo to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-upgrade-devel to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.
Update redhat postgresql-upgrade-devel-debuginfo to version 0:15.17-1.module+el9.7.0+24029+ef6a2953.

Affected software

Original title

Red Hat Security Advisory: postgresql:15 security update

osv CVSS3.1 8.8

https://access.redhat.com/errata/RHSA-2026:3896 Vendor Advisory
https://access.redhat.com/security/updates/classification/#important Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2439324 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2439325 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2439326 Third Party Advisory
https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3896.j... Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-2004 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2026-2004 Vendor Advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-2004 Vendor Advisory
https://www.postgresql.org/support/security/CVE-2026-2004/ Third Party Advisory
https://access.redhat.com/security/cve/CVE-2026-2005 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2026-2005 Vendor Advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-2005 Vendor Advisory
https://www.postgresql.org/support/security/CVE-2026-2005/ Third Party Advisory
https://access.redhat.com/security/cve/CVE-2026-2006 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2026-2006 Vendor Advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-2006 Vendor Advisory
https://www.postgresql.org/support/security/CVE-2026-2006/ Third Party Advisory
https://access.redhat.com/security/cve/CVE-2026-2003 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2439322 Third Party Advisory
https://www.cve.org/CVERecord?id=CVE-2026-2003 Vendor Advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-2003 Vendor Advisory
https://www.postgresql.org/support/security/CVE-2026-2003/ Third Party Advisory

Published: 6 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026

Vendor	Product	Affected versions	Fix available
redhat	pg_repack	<= 0:1.4.8-2.module+el9.5.0+22224+f5585c78	0:1.4.8-2.module+el9.5.0+22224+f5585c78
redhat	pg_repack-debuginfo	<= 0:1.4.8-2.module+el9.5.0+22224+f5585c78	0:1.4.8-2.module+el9.5.0+22224+f5585c78
redhat	pg_repack-debugsource	<= 0:1.4.8-2.module+el9.5.0+22224+f5585c78	0:1.4.8-2.module+el9.5.0+22224+f5585c78
redhat	pgaudit	<= 0:1.7.0-1.module+el9.2.0+17405+aeb9ec60	0:1.7.0-1.module+el9.2.0+17405+aeb9ec60
redhat	pgaudit-debuginfo	<= 0:1.7.0-1.module+el9.2.0+17405+aeb9ec60	0:1.7.0-1.module+el9.2.0+17405+aeb9ec60
redhat	pgaudit-debugsource	<= 0:1.7.0-1.module+el9.2.0+17405+aeb9ec60	0:1.7.0-1.module+el9.2.0+17405+aeb9ec60
redhat	postgres-decoderbufs	<= 0:1.9.7-1.Final.module+el9.2.0+17405+aeb9ec60	0:1.9.7-1.Final.module+el9.2.0+17405+aeb9ec60
redhat	postgres-decoderbufs-debuginfo	<= 0:1.9.7-1.Final.module+el9.2.0+17405+aeb9ec60	0:1.9.7-1.Final.module+el9.2.0+17405+aeb9ec60
redhat	postgres-decoderbufs-debugsource	<= 0:1.9.7-1.Final.module+el9.2.0+17405+aeb9ec60	0:1.9.7-1.Final.module+el9.2.0+17405+aeb9ec60
redhat	postgresql	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-contrib	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-contrib-debuginfo	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-debuginfo	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-debugsource	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-docs	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-docs-debuginfo	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-plperl	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-plperl-debuginfo	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-plpython3	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-plpython3-debuginfo	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-pltcl	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-pltcl-debuginfo	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-private-devel	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-private-libs	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-private-libs-debuginfo	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-server	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-server-debuginfo	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-server-devel	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-server-devel-debuginfo	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-static	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-test	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-test-debuginfo	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-test-rpm-macros	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-upgrade	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-upgrade-debuginfo	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-upgrade-devel	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953
redhat	postgresql-upgrade-devel-debuginfo	<= 0:15.17-1.module+el9.7.0+24029+ef6a2953	0:15.17-1.module+el9.7.0+24029+ef6a2953