Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
PostgreSQL 16: Critical Data Exposure Through Authentication Bypass
RHSA-2026:3887
Summary
PostgreSQL 16 has a security issue that allows attackers to bypass authentication, potentially giving them access to sensitive data. This update fixes the issue, and you should apply it to protect your database. You can update your PostgreSQL installation through your package manager or Red Hat's subscription management tools.
What to do
- Update redhat postgresql-server-debuginfo to version 0:16.13-1.el10_1.
- Update redhat postgresql to version 0:16.13-1.el10_1.
- Update redhat postgresql-contrib to version 0:16.13-1.el10_1.
- Update redhat postgresql-contrib-debuginfo to version 0:16.13-1.el10_1.
- Update redhat postgresql-debuginfo to version 0:16.13-1.el10_1.
- Update redhat postgresql-docs to version 0:16.13-1.el10_1.
- Update redhat postgresql-docs-debuginfo to version 0:16.13-1.el10_1.
- Update redhat postgresql-plperl to version 0:16.13-1.el10_1.
- Update redhat postgresql-plperl-debuginfo to version 0:16.13-1.el10_1.
- Update redhat postgresql-plpython3 to version 0:16.13-1.el10_1.
- Update redhat postgresql-plpython3-debuginfo to version 0:16.13-1.el10_1.
- Update redhat postgresql-pltcl to version 0:16.13-1.el10_1.
- Update redhat postgresql-pltcl-debuginfo to version 0:16.13-1.el10_1.
- Update redhat postgresql-private-devel to version 0:16.13-1.el10_1.
- Update redhat postgresql-private-libs to version 0:16.13-1.el10_1.
- Update redhat postgresql-private-libs-debuginfo to version 0:16.13-1.el10_1.
- Update redhat postgresql-server to version 0:16.13-1.el10_1.
- Update redhat postgresql-server-devel to version 0:16.13-1.el10_1.
- Update redhat postgresql-server-devel-debuginfo to version 0:16.13-1.el10_1.
- Update redhat postgresql-static to version 0:16.13-1.el10_1.
- Update redhat postgresql-test to version 0:16.13-1.el10_1.
- Update redhat postgresql-test-debuginfo to version 0:16.13-1.el10_1.
- Update redhat postgresql-test-rpm-macros to version 0:16.13-1.el10_1.
- Update redhat postgresql-upgrade to version 0:16.13-1.el10_1.
- Update redhat postgresql-upgrade-debuginfo to version 0:16.13-1.el10_1.
- Update redhat postgresql-upgrade-devel to version 0:16.13-1.el10_1.
- Update redhat postgresql-upgrade-devel-debuginfo to version 0:16.13-1.el10_1.
- Update redhat postgresql16 to version 0:16.13-1.el10_1.
- Update redhat postgresql16-debuginfo to version 0:16.13-1.el10_1.
- Update redhat postgresql16-debugsource to version 0:16.13-1.el10_1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| redhat | postgresql-server-debuginfo | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-contrib | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-contrib-debuginfo | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-debuginfo | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-docs | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-docs-debuginfo | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-plperl | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-plperl-debuginfo | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-plpython3 | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-plpython3-debuginfo | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-pltcl | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-pltcl-debuginfo | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-private-devel | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-private-libs | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-private-libs-debuginfo | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-server | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-server-devel | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-server-devel-debuginfo | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-static | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-test | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-test-debuginfo | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-test-rpm-macros | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-upgrade | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-upgrade-debuginfo | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-upgrade-devel | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql-upgrade-devel-debuginfo | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql16 | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql16-debuginfo | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
| redhat | postgresql16-debugsource | <= 0:16.13-1.el10_1 | 0:16.13-1.el10_1 |
Original title
Red Hat Security Advisory: postgresql16 security update
osv CVSS3.1
8.8
- https://access.redhat.com/errata/RHSA-2026:3887 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#important Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2439324 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2439325 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2439326 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3887.j... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2026-2004 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2004 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2004 Vendor Advisory
- https://www.postgresql.org/support/security/CVE-2026-2004/ Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2005 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2005 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2005 Vendor Advisory
- https://www.postgresql.org/support/security/CVE-2026-2005/ Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2006 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2006 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2006 Vendor Advisory
- https://www.postgresql.org/support/security/CVE-2026-2006/ Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2003 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2439322 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2003 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2003 Vendor Advisory
- https://www.postgresql.org/support/security/CVE-2026-2003/ Third Party Advisory
Published: 6 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026