CVE-2026-2007
Undergoing Analysis Undergoing Analysis - In Progress
Heap Buffer Overflow in PostgreSQL pg_trgm Risks Privilege Escalation

Publication date: 2026-02-12

Last updated on: 2026-02-20

Assigner: PostgreSQL

Description
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-12
Last Modified
2026-02-20
Generated
2026-06-16
AI Q&A
2026-02-12
EPSS Evaluated
2026-06-15
NVD
CVE-2026-2007
EUVD
EUVD-2026-7042
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
postgresql postgresql From 18.0 (inc) to 18.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-2007 is a heap buffer overflow vulnerability in the PostgreSQL pg_trgm extension affecting versions 18.0 and 18.1.

This flaw allows a database user to write crafted input patterns onto server memory with limited control over the byte patterns written.

Although the exact impact is unknown, it could potentially be exploited for privilege escalation.

Impact Analysis

The vulnerability can lead to integrity and availability issues in the affected PostgreSQL server.

  • An attacker can exploit the heap buffer overflow to write crafted input to server memory.
  • This may result in privilege escalation, allowing an attacker to gain higher access rights.
  • The CVSS score indicates a high impact on availability and a low impact on integrity, but no confidentiality impact.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, you should upgrade PostgreSQL to version 18.2 or later, where the heap buffer overflow in the pg_trgm extension has been fixed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2007. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart