VDB

CISA-2026-4427

CISA-2026-4427 PUBLISHED CVSS 7.5 HIGH

Reported by redhat · Published March 19, 2026

A flaw was found in pgproto3. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message with a negative field length. This input validation vulnerability can lead to a denial of service (DoS) due to a slice bounds out of range panic.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red HatAssisted Installer for Red Hat OpenShift Container Platform 2
Red HatAssisted Installer for Red Hat OpenShift Container Platform 2
Red HatMulticluster Engine for Kubernetes
Red HatMulticluster Engine for Kubernetes
Red HatMulticluster Engine for Kubernetes
Red HatMulticluster Engine for Kubernetes
Red HatMulticluster Engine for Kubernetes
Red HatMulticluster Engine for Kubernetes
Red HatMulticluster Engine for Kubernetes
Red HatMulticluster Engine for Kubernetes
Red HatMulticluster Engine for Kubernetes
Red HatMulticluster Global Hub
Red HatMulticluster Global Hub
Red HatMulticluster Global Hub
Red HatMulticluster Global Hub
Red HatMulticluster Global Hub
Red HatRed Hat Advanced Cluster Management for Kubernetes 2
Red HatRed Hat Advanced Cluster Management for Kubernetes 2
Red HatRed Hat Advanced Cluster Security 4
Red HatRed Hat Advanced Cluster Security 4

…and 84 more

Timeline

  • Mar 19, 2026 CVE Published
  • Mar 25, 2026 CVE Updated

References

  • vdb-entryx_refsource_REDHAT
  • RHBZ#2448626 issue-trackingx_refsource_REDHAT
Open in Interactive Console →
$ Console Community · 100/wk Open console ›