CVE-2026-2003

Published Feb 12, 2026

Last updated 8 days ago

CVSS medium 4.3

Overview

Description: Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
Source: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
NVD status: Analyzed
Products: postgresql

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007: CWE-1287

Hype score: Not currently trending

Top 5 Trending CVEs: 1 - CVE-2026-2441 2 - CVE-2026-20700 3 - CVE-2026-2003 4 - CVE-2025-21042 5 - CVE-2025-59536 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
26 Feb 2026
182 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4BCEAB7B-E4FC-4F9F-A1F9-62EA7DD6D6CC",
            "versionEndExcluding": "14.21",
            "versionStartIncluding": "14.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4B408DAF-2DCD-45FE-94EE-BC84947A41C8",
            "versionEndExcluding": "15.16",
            "versionStartIncluding": "15.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "6353A59B-FE67-4DD5-B0E6-C10F0D2358D0",
            "versionEndExcluding": "16.12",
            "versionStartIncluding": "16.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E2CCF450-C726-403A-975F-B5717E92A769",
            "versionEndExcluding": "17.8",
            "versionStartIncluding": "17.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "6B872502-5316-4E79-8FA1-24E5D8222C39",
            "versionEndExcluding": "18.2",
            "versionStartIncluding": "18.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References