Critical Vulnerabilities in PostgreSQL 18 and 16 Require Immediate Attention

Critical Vulnerabilities in PostgreSQL 18 and 16 Require Immediate Attention

First seen 12 Mar 2026, 21:15 UTC Linuxsecurity 91% similarity 72.0

Article Content

Browse articles
ThreatCluster

On March 12, 2026, updates for PostgreSQL versions 16 and 18 were released, addressing multiple critical vulnerabilities. Key issues include CVE-2026-2003, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, and CVE-2026-2007, all published on February 12, 2026. These vulnerabilities could lead to arbitrary code execution and memory disclosure, affecting server security. Users of openSUSE and SUSE Linux Enterprise are particularly at risk and are advised to apply the patches immediately. The updates also include regression fixes for issues related to the substring() function and multibyte character handling. The vulnerabilities are significant, with CVE-2026-2004, CVE-2026-2005, and CVE-2026-2006 rated 8.8 on the CVSS scale, indicating high severity. The current status is that patches are available, and users are urged to update their systems promptly.

Key Points: • Multiple critical vulnerabilities in PostgreSQL 18 and 16 require immediate patching. • CVE-2026-2004, CVE-2026-2005, and CVE-2026-2006 are rated 8.8 on the CVSS scale. • Affected users include those on openSUSE and SUSE Linux Enterprise systems.

ThreatCluster AI

Timeline

2026-02-12
CVE-2026-2003, CVE-2026-2004, CVE-2026-2005, CVE-2026-2006, CVE-2026-2007 published
2026-03-12
Updates for PostgreSQL 16 and 18 released to address vulnerabilities

Community

Browse all →