CVE-2026-2007 - PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory
First Published: 2026/02/12
Important: This is an assessment of the impact of CVE-2026-2007 on EDB products and services. It links to and details the CVE and supplements that information with EDB's own assessment.
Summary
A heap buffer overflow in the PostgreSQL pg_trgm extension allows a database user to achieve unknown impacts via a crafted input string. The overflow occurs when the extension processes the crafted input, and it can potentially lead to denial of service or privilege escalation.
Vulnerability details
CVE-ID: CVE-2026-2007
CVE Publish Date: 2026-02-12
CVSS Base Score: 8.2
CVSS Temporal Score: Undefined
CVSS Environmental Score: Undefined
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Affected products and versions
PostgreSQL
- 18.1
- 18.0
EDB Postgres Extended Server
- Version 18.1.0
- Version 18.0.0
EDB Postgres Advanced Server
- Version 18.1.0
- Version 18.0.0
Remediation/fixes
EDB Postgres Extended Server
| Affected Version | Fixed In | Fix Published |
|---|---|---|
| prior to 18.2.0 | 18.2.0 | 2026-02-12 |
EDB Postgres Advanced Server
| Affected Version | Fixed In | Fix Published |
|---|---|---|
| prior to 18.2.0 | 18.2.0 | 2026-02-12 |
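Exposure check
The following query is an added example, not part of EDB's advisory. It reports whether the connected server's version is one of those listed as affected above and whether pg_trgm is installed in the current database. It assumes that `server_version_num` encodes 18.0 as 180000 and 18.1 as 180001, as in community PostgreSQL; confirm the encoding on EDB builds.

```sql
-- Added example: exposure check for CVE-2026-2007.
-- Run it in every database of the cluster, because pg_extension is a
-- per-database catalog and pg_trgm may be installed in only some of them.
-- Assumption: server_version_num is 180000 for 18.0 and 180001 for 18.1.
WITH srv AS (
    SELECT current_setting('server_version')          AS server_version,
           current_setting('server_version_num')::int AS version_num
)
SELECT current_database()                        AS database_name,
       srv.server_version,
       srv.version_num BETWEEN 180000 AND 180001 AS version_listed_as_affected,
       ext.extversion                            AS pg_trgm_version,  -- NULL: not installed here
       ns.nspname                                AS pg_trgm_schema,
       CASE
           WHEN srv.version_num NOT BETWEEN 180000 AND 180001
               THEN 'version not in the affected list of this advisory'
           WHEN ext.oid IS NULL
               THEN 'affected version, pg_trgm not installed in this database'
           ELSE 'affected version with pg_trgm installed'
       END                                       AS assessment
FROM srv
LEFT JOIN pg_extension ext ON ext.extname = 'pg_trgm'
LEFT JOIN pg_namespace ns  ON ns.oid = ext.extnamespace;
```

A row with `version_listed_as_affected` true calls for the upgrade to the fixed release in the tables above, whether or not pg_trgm is currently installed in that database.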
References
Related information