VDB
CISA-2026-4427
CISA-2026-4427
PUBLISHED
CVSS 7.5 HIGH
Reported by redhat · Published March 19, 2026
A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service (DoS) due to a slice bounds out of range panic.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Assisted Installer for Red Hat OpenShift Container Platform 2 | |
| Red Hat | Assisted Installer for Red Hat OpenShift Container Platform 2 | |
| Red Hat | Multicluster Engine for Kubernetes | |
| Red Hat | Multicluster Engine for Kubernetes | |
| Red Hat | Multicluster Engine for Kubernetes | |
| Red Hat | Multicluster Engine for Kubernetes | |
| Red Hat | Multicluster Engine for Kubernetes | |
| Red Hat | Multicluster Engine for Kubernetes | |
| Red Hat | Multicluster Engine for Kubernetes | |
| Red Hat | Multicluster Engine for Kubernetes | |
| Red Hat | Multicluster Engine for Kubernetes | |
| Red Hat | Multicluster Global Hub | |
| Red Hat | Multicluster Global Hub | |
| Red Hat | Multicluster Global Hub | |
| Red Hat | Multicluster Global Hub | |
| Red Hat | Multicluster Global Hub | |
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2 | |
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2 | |
| Red Hat | Red Hat Advanced Cluster Security 4 | |
| Red Hat | Red Hat Advanced Cluster Security 4 |
…and 84 more
Timeline
- Mar 19, 2026 CVE Published
- Mar 25, 2026 CVE Updated
References
- vdb-entryx_refsource_REDHAT
- RHBZ#2448626 issue-trackingx_refsource_REDHAT