pgvector database server crashes or leaks sensitive data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

pgvector database server crashes or leaks sensitive data

CVE-2026-3172

Summary

A bug in pgvector versions 0.6.0 to 0.8.1 can cause the database server to crash or reveal confidential information from other parts of the database. This affects databases using pgvector for vector search functionality. To fix this, update to a patched version of pgvector.

Original title

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.

Original description

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.

nvd CVSS3.1 8.1

Vulnerability type

CWE-191

CWE-787 Out-of-bounds Write

https://github.com/pgvector/pgvector/issues/959

Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026