Executive Summary

The CVE-2026-33815 vulnerability is a memory-safety issue affecting the Go package github.com/jackc/pgx/v5, specifically within the pgproto3 subpackage.

It involves the functions Backend.Receive and Bind.Decode, which are implicated in the memory-safety flaw.

All versions of this package are affected, and there are no known fixed versions available at the time of the report.

Useful 0 Not Useful 0

Mitigation Strategies

The vulnerability affects all versions of the github.com/jackc/pgx/v5 package with no known fixed versions available at the time of the report.

Since no fixed versions are available, immediate mitigation steps include avoiding the use of the vulnerable functions Backend.Receive and Bind.Decode within the pgproto3 subpackage, or limiting exposure by restricting access to systems using this package.

Monitoring for updates or patches from the package maintainers and applying them as soon as they become available is also recommended.

Useful 0 Not Useful 0

Impact Analysis

This memory-safety vulnerability could potentially lead to issues such as application crashes, data corruption, or exploitation by attackers to execute arbitrary code or cause denial of service.

Since it affects core functions in the pgx package used for PostgreSQL communication, any application relying on this package might be at risk.

Useful 0 Not Useful 0