Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
PostgreSQL 13: Unauthorized database access possible through malicious queries
RHSA-2026:4024
Summary
A security update is available for PostgreSQL 13, which fixes a vulnerability that could allow attackers to access databases without a password. This affects any PostgreSQL 13 installation that is publicly accessible. To fix this issue, update your PostgreSQL server to the latest version as soon as possible.
What to do
- Update redhat pg_repack to version 0:1.4.6-3.module+el8.9.0+20664+9c30cf7f.
- Update redhat pg_repack-debuginfo to version 0:1.4.6-3.module+el8.9.0+20664+9c30cf7f.
- Update redhat pg_repack-debugsource to version 0:1.4.6-3.module+el8.9.0+20664+9c30cf7f.
- Update redhat pgaudit to version 0:1.5.0-1.module+el8.9.0+20664+9c30cf7f.
- Update redhat pgaudit-debuginfo to version 0:1.5.0-1.module+el8.9.0+20664+9c30cf7f.
- Update redhat pgaudit-debugsource to version 0:1.5.0-1.module+el8.9.0+20664+9c30cf7f.
- Update redhat postgres-decoderbufs to version 0:0.10.0-2.module+el8.9.0+20664+9c30cf7f.
- Update redhat postgres-decoderbufs-debuginfo to version 0:0.10.0-2.module+el8.9.0+20664+9c30cf7f.
- Update redhat postgres-decoderbufs-debugsource to version 0:0.10.0-2.module+el8.9.0+20664+9c30cf7f.
- Update redhat postgresql to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-contrib to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-contrib-debuginfo to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-debuginfo to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-debugsource to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-docs to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-docs-debuginfo to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-plperl to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-plperl-debuginfo to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-plpython3 to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-plpython3-debuginfo to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-pltcl to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-pltcl-debuginfo to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-server to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-server-debuginfo to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-server-devel to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-server-devel-debuginfo to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-static to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-test to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-test-debuginfo to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-test-rpm-macros to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-upgrade to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-upgrade-debuginfo to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-upgrade-devel to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
- Update redhat postgresql-upgrade-devel-debuginfo to version 0:13.23-2.module+el8.10.0+24039+b49622e4.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| redhat | pg_repack | <= 0:1.4.6-3.module+el8.9.0+20664+9c30cf7f | 0:1.4.6-3.module+el8.9.0+20664+9c30cf7f |
| redhat | pg_repack-debuginfo | <= 0:1.4.6-3.module+el8.9.0+20664+9c30cf7f | 0:1.4.6-3.module+el8.9.0+20664+9c30cf7f |
| redhat | pg_repack-debugsource | <= 0:1.4.6-3.module+el8.9.0+20664+9c30cf7f | 0:1.4.6-3.module+el8.9.0+20664+9c30cf7f |
| redhat | pgaudit | <= 0:1.5.0-1.module+el8.9.0+20664+9c30cf7f | 0:1.5.0-1.module+el8.9.0+20664+9c30cf7f |
| redhat | pgaudit-debuginfo | <= 0:1.5.0-1.module+el8.9.0+20664+9c30cf7f | 0:1.5.0-1.module+el8.9.0+20664+9c30cf7f |
| redhat | pgaudit-debugsource | <= 0:1.5.0-1.module+el8.9.0+20664+9c30cf7f | 0:1.5.0-1.module+el8.9.0+20664+9c30cf7f |
| redhat | postgres-decoderbufs | <= 0:0.10.0-2.module+el8.9.0+20664+9c30cf7f | 0:0.10.0-2.module+el8.9.0+20664+9c30cf7f |
| redhat | postgres-decoderbufs-debuginfo | <= 0:0.10.0-2.module+el8.9.0+20664+9c30cf7f | 0:0.10.0-2.module+el8.9.0+20664+9c30cf7f |
| redhat | postgres-decoderbufs-debugsource | <= 0:0.10.0-2.module+el8.9.0+20664+9c30cf7f | 0:0.10.0-2.module+el8.9.0+20664+9c30cf7f |
| redhat | postgresql | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-contrib | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-contrib-debuginfo | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-debuginfo | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-debugsource | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-docs | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-docs-debuginfo | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-plperl | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-plperl-debuginfo | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-plpython3 | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-plpython3-debuginfo | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-pltcl | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-pltcl-debuginfo | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-server | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-server-debuginfo | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-server-devel | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-server-devel-debuginfo | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-static | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-test | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-test-debuginfo | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-test-rpm-macros | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-upgrade | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-upgrade-debuginfo | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-upgrade-devel | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
| redhat | postgresql-upgrade-devel-debuginfo | <= 0:13.23-2.module+el8.10.0+24039+b49622e4 | 0:13.23-2.module+el8.10.0+24039+b49622e4 |
Original title
Red Hat Security Advisory: postgresql:13 security update
osv CVSS3.1
8.8
- https://access.redhat.com/errata/RHSA-2026:4024 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#important Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2439324 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2439325 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2439326 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4024.j... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2026-2004 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2004 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2004 Vendor Advisory
- https://www.postgresql.org/support/security/CVE-2026-2004/ Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2005 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2005 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2005 Vendor Advisory
- https://www.postgresql.org/support/security/CVE-2026-2005/ Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2006 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2006 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2006 Vendor Advisory
- https://www.postgresql.org/support/security/CVE-2026-2006/ Third Party Advisory
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026