VDB
CVE-2026-2007
CVE-2026-2007
PUBLISHED
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.
EPSS 0.02% · 6.0th percentile
Risk Scores
EPSS Score
0.02%
6.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | postgresql | 18.0.0 |
| Bitnami | postgresql | 18.0.0 |
Exploit Intelligence
- index.yaml (github-poc)
- index.yaml (github-poc)
- index.yaml (github-poc)
- index.yaml (github-poc)
- index.yaml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
…and 15 more exploits
Timeline
- Feb 12, 2026 CVE Published
- Feb 12, 2026 CVE Updated
- Feb 13, 2026 EPSS Score
- Feb 15, 2026 EPSS Score
- Feb 17, 2026 EPSS Score
- Feb 19, 2026 EPSS Score
- Feb 21, 2026 EPSS Score
- Feb 23, 2026 EPSS Score
- Feb 25, 2026 EPSS Score
- Feb 27, 2026 EPSS Score
- Feb 28, 2026 EPSS Score
- Mar 2, 2026 EPSS Score