postgresql-private-libs (AlmaLinux:10) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:10 package postgresql-private-libs, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2026-6477 — CVSS 8.8 (high): Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and…
CVE-2026-2004 — CVSS 8.8 (high): Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute…
CVE-2026-2005 — CVSS 8.8 (high): Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the…
CVE-2026-2006 — CVSS 8.8 (high): Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that…
CVE-2026-6473 — CVSS 8.8 (high): Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an…
CVE-2026-6475 — CVSS 8.8 (high): Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g…
CVE-2026-6478 — CVSS 6.5 (medium): Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials…
CVE-2026-2003 — CVSS 4.3 (medium): Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled…