PostgreSQL updates fix critical security problems

ALSA-2026:3887
Summary

PostgreSQL users should update their software immediately to fix three critical security issues that could allow attackers to execute malicious code on their systems. This update is crucial to prevent potential data breaches and system compromise. Apply the update as soon as possible to ensure the security of your PostgreSQL databases.

What to do
  • Update almalinux postgresql to version 16.13-1.el10_1.
  • Update almalinux postgresql-contrib to version 16.13-1.el10_1.
  • Update almalinux postgresql-docs to version 16.13-1.el10_1.
  • Update almalinux postgresql-plperl to version 16.13-1.el10_1.
  • Update almalinux postgresql-plpython3 to version 16.13-1.el10_1.
  • Update almalinux postgresql-pltcl to version 16.13-1.el10_1.
  • Update almalinux postgresql-private-devel to version 16.13-1.el10_1.
  • Update almalinux postgresql-private-libs to version 16.13-1.el10_1.
  • Update almalinux postgresql-server to version 16.13-1.el10_1.
  • Update almalinux postgresql-server-devel to version 16.13-1.el10_1.
  • Update almalinux postgresql-static to version 16.13-1.el10_1.
  • Update almalinux postgresql-test to version 16.13-1.el10_1.
  • Update almalinux postgresql-test-rpm-macros to version 16.13-1.el10_1.
  • Update almalinux postgresql-upgrade to version 16.13-1.el10_1.
  • Update almalinux postgresql-upgrade-devel to version 16.13-1.el10_1.
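
To confirm the update has landed across a fleet, the following added example (not part of the original advisory) checks a package inventory against the fixed version above. It assumes the inventory was collected with `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`, treats 16.13-1.el10_1 itself as patched, and uses a simplified form of rpm's version ordering; the function names are illustrative.

```python
import re

FIXED = "16.13-1.el10_1"  # fixed version-release stated in this advisory
# The 15 package names listed in the advisory
PACKAGES = {"postgresql"} | {"postgresql-" + s for s in (
    "contrib docs plperl plpython3 pltcl private-devel private-libs server "
    "server-devel static test test-rpm-macros upgrade upgrade-devel").split()}

def _segments(s):
    # rpm compares maximal runs of digits or letters; separators are skipped
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpm ordering (no '~', '^' or epoch): returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run beats letters
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    # Compare VERSION first, then RELEASE; neither may contain '-'
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def outdated(inventory, fixed=FIXED):
    """Return (name, installed) pairs for advisory packages older than fixed."""
    hits = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in PACKAGES and evr_cmp(parts[1], fixed) < 0:
            hits.append((parts[0], parts[1]))
    return hits

# Constructed sample inventory, not real host data
SAMPLE = """\
postgresql-server 16.11-1.el10_1
postgresql-contrib 16.9-2.el10
postgresql 16.13-1.el10_1
postgresql-private-libs 16.13-2.el10_1
openssl 3.2.2-16.el10
"""

if __name__ == "__main__":
    for name, evr in outdated(SAMPLE):
        print(f"{name} {evr} is older than {FIXED}")
```

Packages outside the advisory's list are ignored even when their names begin with `postgresql`, since they follow their own version numbering.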
Affected software
Vendor Product Affected versions Fix available
almalinux postgresql <= 16.13-1.el10_1 16.13-1.el10_1
almalinux postgresql-contrib <= 16.13-1.el10_1 16.13-1.el10_1
almalinux postgresql-docs <= 16.13-1.el10_1 16.13-1.el10_1
almalinux postgresql-plperl <= 16.13-1.el10_1 16.13-1.el10_1
almalinux postgresql-plpython3 <= 16.13-1.el10_1 16.13-1.el10_1
almalinux postgresql-pltcl <= 16.13-1.el10_1 16.13-1.el10_1
almalinux postgresql-private-devel <= 16.13-1.el10_1 16.13-1.el10_1
almalinux postgresql-private-libs <= 16.13-1.el10_1 16.13-1.el10_1
almalinux postgresql-server <= 16.13-1.el10_1 16.13-1.el10_1
almalinux postgresql-server-devel <= 16.13-1.el10_1 16.13-1.el10_1
almalinux postgresql-static <= 16.13-1.el10_1 16.13-1.el10_1
almalinux postgresql-test <= 16.13-1.el10_1 16.13-1.el10_1
almalinux postgresql-test-rpm-macros <= 16.13-1.el10_1 16.13-1.el10_1
almalinux postgresql-upgrade <= 16.13-1.el10_1 16.13-1.el10_1
almalinux postgresql-upgrade-devel <= 16.13-1.el10_1 16.13-1.el10_1
Original title
Important: postgresql16 security update
Original description
PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package.

Security Fix(es):

* postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)
* postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)
* postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026