JLSEC-2026-54 — Vulnetix

JLSEC-2026-54 PUBLISHED CVSS 9.300000190734863 CRITICAL

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Risk Scores

CVSS v4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Julia	LibPQ_jll	14.1.0+0, 14.1.0+0

Timeline

Apr 3, 2026 CVE Published
Apr 3, 2026 CVE Updated

References

https://www.postgresql.org/support/security/CVE-2026-2004/ url

Open in Interactive Console →