Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
PostgreSQL 13: Unauthenticated Data Exposure in Query Planning
RHSA-2026:4074
Summary
A security update is available for PostgreSQL 13, which fixes a flaw that could allow an attacker to access sensitive information in the database without a password. This update is recommended for all users of PostgreSQL 13 to prevent unauthorized data exposure. Apply the update as soon as possible to ensure the security of your database.
What to do
- Update redhat pg_repack to version 0:1.4.6-3.module+el8.5.0+11357+bcc62552.
- Update redhat pg_repack-debuginfo to version 0:1.4.6-3.module+el8.5.0+11357+bcc62552.
- Update redhat pg_repack-debugsource to version 0:1.4.6-3.module+el8.5.0+11357+bcc62552.
- Update redhat pgaudit to version 0:1.5.0-1.module+el8.4.0+8873+b821c30a.
- Update redhat pgaudit-debuginfo to version 0:1.5.0-1.module+el8.4.0+8873+b821c30a.
- Update redhat pgaudit-debugsource to version 0:1.5.0-1.module+el8.4.0+8873+b821c30a.
- Update redhat postgres-decoderbufs to version 0:0.10.0-2.module+el8.4.0+8873+b821c30a.
- Update redhat postgres-decoderbufs-debuginfo to version 0:0.10.0-2.module+el8.4.0+8873+b821c30a.
- Update redhat postgres-decoderbufs-debugsource to version 0:0.10.0-2.module+el8.4.0+8873+b821c30a.
- Update redhat postgresql to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-contrib to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-contrib-debuginfo to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-debuginfo to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-debugsource to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-docs to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-docs-debuginfo to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-plperl to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-plperl-debuginfo to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-plpython3 to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-plpython3-debuginfo to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-pltcl to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-pltcl-debuginfo to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-server to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-server-debuginfo to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-server-devel to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-server-devel-debuginfo to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-static to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-test to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-test-debuginfo to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-test-rpm-macros to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-upgrade to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-upgrade-debuginfo to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-upgrade-devel to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
- Update redhat postgresql-upgrade-devel-debuginfo to version 0:13.23-1.module+el8.8.0+24046+5b274db5.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| redhat | pg_repack | <= 0:1.4.6-3.module+el8.5.0+11357+bcc62552 | 0:1.4.6-3.module+el8.5.0+11357+bcc62552 |
| redhat | pg_repack-debuginfo | <= 0:1.4.6-3.module+el8.5.0+11357+bcc62552 | 0:1.4.6-3.module+el8.5.0+11357+bcc62552 |
| redhat | pg_repack-debugsource | <= 0:1.4.6-3.module+el8.5.0+11357+bcc62552 | 0:1.4.6-3.module+el8.5.0+11357+bcc62552 |
| redhat | pgaudit | <= 0:1.5.0-1.module+el8.4.0+8873+b821c30a | 0:1.5.0-1.module+el8.4.0+8873+b821c30a |
| redhat | pgaudit-debuginfo | <= 0:1.5.0-1.module+el8.4.0+8873+b821c30a | 0:1.5.0-1.module+el8.4.0+8873+b821c30a |
| redhat | pgaudit-debugsource | <= 0:1.5.0-1.module+el8.4.0+8873+b821c30a | 0:1.5.0-1.module+el8.4.0+8873+b821c30a |
| redhat | postgres-decoderbufs | <= 0:0.10.0-2.module+el8.4.0+8873+b821c30a | 0:0.10.0-2.module+el8.4.0+8873+b821c30a |
| redhat | postgres-decoderbufs-debuginfo | <= 0:0.10.0-2.module+el8.4.0+8873+b821c30a | 0:0.10.0-2.module+el8.4.0+8873+b821c30a |
| redhat | postgres-decoderbufs-debugsource | <= 0:0.10.0-2.module+el8.4.0+8873+b821c30a | 0:0.10.0-2.module+el8.4.0+8873+b821c30a |
| redhat | postgresql | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-contrib | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-contrib-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-debugsource | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-docs | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-docs-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-plperl | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-plperl-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-plpython3 | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-plpython3-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-pltcl | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-pltcl-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-server | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-server-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-server-devel | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-server-devel-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-static | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-test | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-test-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-test-rpm-macros | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-upgrade | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-upgrade-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-upgrade-devel | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-upgrade-devel-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | pg_repack | <= 0:1.4.6-3.module+el8.5.0+11357+bcc62552 | 0:1.4.6-3.module+el8.5.0+11357+bcc62552 |
| redhat | pg_repack-debuginfo | <= 0:1.4.6-3.module+el8.5.0+11357+bcc62552 | 0:1.4.6-3.module+el8.5.0+11357+bcc62552 |
| redhat | pg_repack-debugsource | <= 0:1.4.6-3.module+el8.5.0+11357+bcc62552 | 0:1.4.6-3.module+el8.5.0+11357+bcc62552 |
| redhat | pgaudit | <= 0:1.5.0-1.module+el8.4.0+8873+b821c30a | 0:1.5.0-1.module+el8.4.0+8873+b821c30a |
| redhat | pgaudit-debuginfo | <= 0:1.5.0-1.module+el8.4.0+8873+b821c30a | 0:1.5.0-1.module+el8.4.0+8873+b821c30a |
| redhat | pgaudit-debugsource | <= 0:1.5.0-1.module+el8.4.0+8873+b821c30a | 0:1.5.0-1.module+el8.4.0+8873+b821c30a |
| redhat | postgres-decoderbufs | <= 0:0.10.0-2.module+el8.4.0+8873+b821c30a | 0:0.10.0-2.module+el8.4.0+8873+b821c30a |
| redhat | postgres-decoderbufs-debuginfo | <= 0:0.10.0-2.module+el8.4.0+8873+b821c30a | 0:0.10.0-2.module+el8.4.0+8873+b821c30a |
| redhat | postgres-decoderbufs-debugsource | <= 0:0.10.0-2.module+el8.4.0+8873+b821c30a | 0:0.10.0-2.module+el8.4.0+8873+b821c30a |
| redhat | postgresql | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-contrib | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-contrib-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-debugsource | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-docs | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-docs-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-plperl | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-plperl-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-plpython3 | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-plpython3-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-pltcl | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-pltcl-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-server | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-server-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-server-devel | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-server-devel-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-static | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-test | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-test-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-test-rpm-macros | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-upgrade | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-upgrade-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-upgrade-devel | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
| redhat | postgresql-upgrade-devel-debuginfo | <= 0:13.23-1.module+el8.8.0+24046+5b274db5.1 | 0:13.23-1.module+el8.8.0+24046+5b274db5.1 |
Original title
Red Hat Security Advisory: postgresql:13 security update
osv CVSS3.1
8.8
- https://access.redhat.com/errata/RHSA-2026:4074 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#important Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2439324 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2439325 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2439326 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4074.j... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2026-2004 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2004 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2004 Vendor Advisory
- https://www.postgresql.org/support/security/CVE-2026-2004/ Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2005 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2005 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2005 Vendor Advisory
- https://www.postgresql.org/support/security/CVE-2026-2005/ Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2026-2006 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2026-2006 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-2006 Vendor Advisory
- https://www.postgresql.org/support/security/CVE-2026-2006/ Third Party Advisory
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026