PostgreSQL Security Update Fixes Critical Flaws

ALSA-2026:4024
Summary

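PostgreSQL has released an update that fixes three security flaws, each of which could allow an attacker to execute arbitrary code on a database: missing validation of multibyte character length (CVE-2026-2006), missing validation of the input type passed to the intarray selectivity estimator (CVE-2026-2004), and a heap buffer overflow in pgcrypto (CVE-2026-2005). Left unpatched, these flaws could be exploited to compromise your database and the sensitive data it holds. Update your PostgreSQL installation as soon as possible to protect your system.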

What to do
  • Update almalinux pg_repack to version 1.4.6-3.module_el8.6.0+2760+1746ec94.
  • Update almalinux pg_repack to version 1.4.6-3.module_el8.6.0+3095+ee60d910.
  • Update almalinux pgaudit to version 1.5.0-1.module_el8.6.0+2760+1746ec94.
  • Update almalinux pgaudit to version 1.5.0-1.module_el8.6.0+3095+ee60d910.
  • Update almalinux postgres-decoderbufs to version 0.10.0-2.module_el8.6.0+2760+1746ec94.
  • Update almalinux postgres-decoderbufs to version 0.10.0-2.module_el8.6.0+3095+ee60d910.
  • Update almalinux postgresql to version 13.23-2.module_el8.10.0+4124+c9cb0592.
  • Update almalinux postgresql-contrib to version 13.23-2.module_el8.10.0+4124+c9cb0592.
  • Update almalinux postgresql-docs to version 13.23-2.module_el8.10.0+4124+c9cb0592.
  • Update almalinux postgresql-plperl to version 13.23-2.module_el8.10.0+4124+c9cb0592.
  • Update almalinux postgresql-plpython3 to version 13.23-2.module_el8.10.0+4124+c9cb0592.
  • Update almalinux postgresql-pltcl to version 13.23-2.module_el8.10.0+4124+c9cb0592.
  • Update almalinux postgresql-server to version 13.23-2.module_el8.10.0+4124+c9cb0592.
  • Update almalinux postgresql-server-devel to version 13.23-2.module_el8.10.0+4124+c9cb0592.
  • Update almalinux postgresql-static to version 13.23-2.module_el8.10.0+4124+c9cb0592.
  • Update almalinux postgresql-test to version 13.23-2.module_el8.10.0+4124+c9cb0592.
  • Update almalinux postgresql-test-rpm-macros to version 13.23-2.module_el8.10.0+4124+c9cb0592.
  • Update almalinux postgresql-upgrade to version 13.23-2.module_el8.10.0+4124+c9cb0592.
  • Update almalinux postgresql-upgrade-devel to version 13.23-2.module_el8.10.0+4124+c9cb0592.
Affected software
Vendor  Product  Affected versions  Fix available
almalinux pg_repack <= 1.4.6-3.module_el8.6.0+2760+1746ec94 1.4.6-3.module_el8.6.0+2760+1746ec94
almalinux pg_repack <= 1.4.6-3.module_el8.6.0+3095+ee60d910 1.4.6-3.module_el8.6.0+3095+ee60d910
almalinux pgaudit <= 1.5.0-1.module_el8.6.0+2760+1746ec94 1.5.0-1.module_el8.6.0+2760+1746ec94
almalinux pgaudit <= 1.5.0-1.module_el8.6.0+3095+ee60d910 1.5.0-1.module_el8.6.0+3095+ee60d910
almalinux postgres-decoderbufs <= 0.10.0-2.module_el8.6.0+2760+1746ec94 0.10.0-2.module_el8.6.0+2760+1746ec94
almalinux postgres-decoderbufs <= 0.10.0-2.module_el8.6.0+3095+ee60d910 0.10.0-2.module_el8.6.0+3095+ee60d910
almalinux postgresql <= 13.23-2.module_el8.10.0+4124+c9cb0592 13.23-2.module_el8.10.0+4124+c9cb0592
almalinux postgresql-contrib <= 13.23-2.module_el8.10.0+4124+c9cb0592 13.23-2.module_el8.10.0+4124+c9cb0592
almalinux postgresql-docs <= 13.23-2.module_el8.10.0+4124+c9cb0592 13.23-2.module_el8.10.0+4124+c9cb0592
almalinux postgresql-plperl <= 13.23-2.module_el8.10.0+4124+c9cb0592 13.23-2.module_el8.10.0+4124+c9cb0592
almalinux postgresql-plpython3 <= 13.23-2.module_el8.10.0+4124+c9cb0592 13.23-2.module_el8.10.0+4124+c9cb0592
almalinux postgresql-pltcl <= 13.23-2.module_el8.10.0+4124+c9cb0592 13.23-2.module_el8.10.0+4124+c9cb0592
almalinux postgresql-server <= 13.23-2.module_el8.10.0+4124+c9cb0592 13.23-2.module_el8.10.0+4124+c9cb0592
almalinux postgresql-server-devel <= 13.23-2.module_el8.10.0+4124+c9cb0592 13.23-2.module_el8.10.0+4124+c9cb0592
almalinux postgresql-static <= 13.23-2.module_el8.10.0+4124+c9cb0592 13.23-2.module_el8.10.0+4124+c9cb0592
almalinux postgresql-test <= 13.23-2.module_el8.10.0+4124+c9cb0592 13.23-2.module_el8.10.0+4124+c9cb0592
almalinux postgresql-test-rpm-macros <= 13.23-2.module_el8.10.0+4124+c9cb0592 13.23-2.module_el8.10.0+4124+c9cb0592
almalinux postgresql-upgrade <= 13.23-2.module_el8.10.0+4124+c9cb0592 13.23-2.module_el8.10.0+4124+c9cb0592
almalinux postgresql-upgrade-devel <= 13.23-2.module_el8.10.0+4124+c9cb0592 13.23-2.module_el8.10.0+4124+c9cb0592
Original title
Important: postgresql:13 security update
Original description
PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
* postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
* postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026