VDB

ALPINE-CVE-2026-2005

ALPINE-CVE-2026-2005 PUBLISHED CVSS 8.800000190734863 HIGH

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Risk Scores

CVSS v3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.23postgresql1818.0-r0, 18.1-r0, 0
Alpine:v3.21postgresql1717.7-r0, 17.0-r0, 17.0-r1
Alpine:v3.23postgresql1717.7-r0, 17.2-r0, 17.6-r1
Alpine:v3.20postgresql1616.10-r0, 16.3-r0, 16.0-r2
Alpine:v3.21postgresql1616.11-r0, 16.10-r0, 16.1-r0
Alpine:v3.20postgresql1515.15-r0, 15.1-r0, 0
Alpine:v3.22postgresql170, 17.7-r0, 17.6-r0
Alpine:v3.22postgresql1616.8-r4, 16.8-r3, 16.8-r2

Timeline

  • Feb 12, 2026 CVE Published
  • Feb 15, 2026 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›