ALPINE-CVE-2026-2003 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2026-2003 PUBLISHED CVSS 4.300000190734863 MEDIUM

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Risk Scores

CVSS v3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Alpine:v3.23	postgresql18	18.0-r0, 18.1-r0, 18.0-r0
Alpine:v3.21	postgresql17	17.0-r1, 17.0-r0, 0
Alpine:v3.23	postgresql17	17.4-r1, 17.6-r1, 0
Alpine:v3.22	postgresql17	17.5-r0, 17.6-r0, 17.7-r0
Alpine:v3.21	postgresql16	16.9-r0, 16.8-r0, 16.6-r0
Alpine:v3.20	postgresql16	16.4-r0, 0, 16.0-r1
Alpine:v3.22	postgresql16	16.5-r0, 16.6-r0, 16.8-r0
Alpine:v3.20	postgresql15	15.4-r1, 15.4-r0, 15.3-r1

Timeline

Feb 12, 2026 CVE Published
Feb 15, 2026 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2026-2003 advisory

Open in Interactive Console →