Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
PostgreSQL Vulnerability: Remote Code Execution via Malicious Database Queries
RHSA-2026:4063
Summary
A security update is available for PostgreSQL, a popular database management system. This update fixes a vulnerability that could allow an attacker to execute malicious code on a database server. To stay secure, update your PostgreSQL installation as soon as possible.
What to do
- Update redhat pg_repack to version 0:1.5.1-1.module+el8.10.0+22551+c0330dc9.
- Update redhat pg_repack-debuginfo to version 0:1.5.1-1.module+el8.10.0+22551+c0330dc9.
- Update redhat pg_repack-debugsource to version 0:1.5.1-1.module+el8.10.0+22551+c0330dc9.
- Update redhat pgaudit to version 0:16.0-1.module+el8.10.0+20413+d8116364.
- Update redhat pgaudit-debuginfo to version 0:16.0-1.module+el8.10.0+20413+d8116364.
- Update redhat pgaudit-debugsource to version 0:16.0-1.module+el8.10.0+20413+d8116364.
- Update redhat postgres-decoderbufs to version 0:2.4.0-1.Final.module+el8.10.0+20413+d8116364.
- Update redhat postgres-decoderbufs-debuginfo to version 0:2.4.0-1.Final.module+el8.10.0+20413+d8116364.
- Update redhat postgres-decoderbufs-debugsource to version 0:2.4.0-1.Final.module+el8.10.0+20413+d8116364.
- Update redhat postgresql to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-contrib to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-contrib-debuginfo to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-debuginfo to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-debugsource to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-docs to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-docs-debuginfo to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-plperl to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-plperl-debuginfo to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-plpython3 to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-plpython3-debuginfo to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-pltcl to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-pltcl-debuginfo to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-private-devel to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-private-libs to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-private-libs-debuginfo to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-server to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-server-debuginfo to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-server-devel to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-server-devel-debuginfo to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-static to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-test to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-test-debuginfo to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-test-rpm-macros to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-upgrade to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-upgrade-debuginfo to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-upgrade-devel to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
- Update redhat postgresql-upgrade-devel-debuginfo to version 0:16.13-1.module+el8.10.0+24044+3710dd58.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| redhat | pg_repack | <= 0:1.5.1-1.module+el8.10.0+22551+c0330dc9 | 0:1.5.1-1.module+el8.10.0+22551+c0330dc9 |
| redhat | pg_repack-debuginfo | <= 0:1.5.1-1.module+el8.10.0+22551+c0330dc9 | 0:1.5.1-1.module+el8.10.0+22551+c0330dc9 |
| redhat | pg_repack-debugsource | <= 0:1.5.1-1.module+el8.10.0+22551+c0330dc9 | 0:1.5.1-1.module+el8.10.0+22551+c0330dc9 |
| redhat | pgaudit | <= 0:16.0-1.module+el8.10.0+20413+d8116364 | 0:16.0-1.module+el8.10.0+20413+d8116364 |
| redhat | pgaudit-debuginfo | <= 0:16.0-1.module+el8.10.0+20413+d8116364 | 0:16.0-1.module+el8.10.0+20413+d8116364 |
| redhat | pgaudit-debugsource | <= 0:16.0-1.module+el8.10.0+20413+d8116364 | 0:16.0-1.module+el8.10.0+20413+d8116364 |
| redhat | postgres-decoderbufs | <= 0:2.4.0-1.Final.module+el8.10.0+20413+d8116364 | 0:2.4.0-1.Final.module+el8.10.0+20413+d8116364 |
| redhat | postgres-decoderbufs-debuginfo | <= 0:2.4.0-1.Final.module+el8.10.0+20413+d8116364 | 0:2.4.0-1.Final.module+el8.10.0+20413+d8116364 |
| redhat | postgres-decoderbufs-debugsource | <= 0:2.4.0-1.Final.module+el8.10.0+20413+d8116364 | 0:2.4.0-1.Final.module+el8.10.0+20413+d8116364 |
| redhat | postgresql | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-contrib | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-contrib-debuginfo | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-debuginfo | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-debugsource | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-docs | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-docs-debuginfo | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-plperl | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-plperl-debuginfo | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-plpython3 | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-plpython3-debuginfo | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-pltcl | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-pltcl-debuginfo | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-private-devel | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-private-libs | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-private-libs-debuginfo | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-server | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-server-debuginfo | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-server-devel | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-server-devel-debuginfo | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-static | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-test | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-test-debuginfo | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-test-rpm-macros | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-upgrade | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-upgrade-debuginfo | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-upgrade-devel | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
| redhat | postgresql-upgrade-devel-debuginfo | <= 0:16.13-1.module+el8.10.0+24044+3710dd58 | 0:16.13-1.module+el8.10.0+24044+3710dd58 |
Original title
Red Hat Security Advisory: postgresql:16 security update
osv CVSS3.1
8.8
- https://access.redhat.com/errata/RHSA-2026:4063 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#important Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2439324 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2439325 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2439326 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4063.j... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2026-2004 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2004 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2004 Vendor Advisory
- https://www.postgresql.org/support/security/CVE-2026-2004/ Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2005 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2005 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2005 Vendor Advisory
- https://www.postgresql.org/support/security/CVE-2026-2005/ Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2006 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2006 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2006 Vendor Advisory
- https://www.postgresql.org/support/security/CVE-2026-2006/ Third Party Advisory
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026