FIND-20260406-002 · 2026-04-06 · Innovation Veille

CVE-2026-2007 — PostgreSQL pg_trgm Heap Buffer Overflow (HIGH, CVSS 8.2)

cve HIGH
Heap buffer overflow in PostgreSQL pg_trgm extension (CVSS 8.2). A database user can trigger the overflow via crafted input strings, potentially leading to privilege escalation. Affects PostgreSQL 17.7 and earlier, 16.11 and earlier, 15.15 and earlier. Fixed in PostgreSQL 17.8+. ODS runs PostgreSQL 17 — verify exact minor version. If on 17.7 or earlier, upgrade is required. This is distinct from the previously tracked pgcrypto HIGH CVE.

Source

https://www.postgresql.org/support/security/CVE-2026-2007/

ODS Impact

ODS uses PostgreSQL 17 (ods-postgres container). If the pg_trgm extension is enabled in any ODS schema (docstore, oid, billing, etc.), all database users with query access are potentially affected. Action: check if pg_trgm is installed (SELECT * FROM pg_extension WHERE extname='pg_trgm'), upgrade PostgreSQL container to 17.8+ image if not already done.
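The two facts the action above depends on (exact server minor, and whether pg_trgm is installed) are easy to misjudge by eye, so the following Python helper turns them into the decision the finding asks for. It is an added example for this record, not code from the finding, from ODS, or from PostgreSQL. The fixed minor for the 17 branch (17.8) is stated above; the fixed minors for 16 and 15 are inferred from the "16.11 and earlier" / "15.15 and earlier" affected ranges and are marked as such in the code. Note that pg_extension is per-database, so the check query has to be run in each ODS database (docstore, oid, billing, ...), not only in the maintenance database.

```python
"""Triage helper for CVE-2026-2007 (pg_trgm heap buffer overflow).

Added example, not part of the original finding or of PostgreSQL itself.
Given the output of `SHOW server_version` and the list of extensions
installed in one database, it returns the action the finding calls for.
"""
from __future__ import annotations

import re
from typing import Iterable, Optional

# First patched minor per major. 17 -> 8 is stated in the finding; 16 -> 12 and
# 15 -> 16 are inferred from the "16.11 and earlier" / "15.15 and earlier"
# affected ranges (assumption, confirm against the upstream advisory).
FIXED_MINOR = {17: 8, 16: 12, 15: 16}

# Inventory query from the finding. pg_extension is per-database, so run it
# in every ODS database (docstore, oid, billing, ...).
PG_TRGM_CHECK_SQL = (
    "SELECT extname, extversion FROM pg_extension WHERE extname = 'pg_trgm'"
)

# `SHOW server_version` yields e.g. '17.7' or '17.7 (Debian 17.7-1.pgdg120+1)';
# only the leading major.minor matters here.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)")


def parse_server_version(text: str) -> tuple[int, int]:
    """Extract (major, minor) from `SHOW server_version` output."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised server_version: {text!r}")
    return int(m.group(1)), int(m.group(2))


def server_is_vulnerable(text: str) -> Optional[bool]:
    """True if the server is inside an affected range, False if patched,
    None if the major is not covered by this finding (e.g. 14 or 18)."""
    major, minor = parse_server_version(text)
    fixed = FIXED_MINOR.get(major)
    if fixed is None:
        return None
    return minor < fixed


def triage(server_version: str, extnames: Iterable[str]) -> str:
    """Combine server version and extension inventory into one action line.

    Mirrors the finding: any 17.7-or-earlier server needs the upgrade;
    pg_trgm being installed only changes who is exposed right now.
    """
    vuln = server_is_vulnerable(server_version)
    has_trgm = "pg_trgm" in set(extnames)
    if vuln is None:
        return "REVIEW: major version not covered by this finding; consult the advisory"
    if not vuln:
        return "OK: server minor already includes the pg_trgm fix"
    if has_trgm:
        return "UPGRADE_REQUIRED: vulnerable server and pg_trgm installed in this database"
    return ("UPGRADE_REQUIRED: vulnerable server; pg_trgm not installed in this "
            "database, so no query user is exposed here yet")


if __name__ == "__main__":
    # Constructed sample inputs, standing in for psql output from ods-postgres.
    samples = [
        ("17.7 (Debian 17.7-1.pgdg120+1)", ["plpgsql", "pg_trgm"]),  # docstore-like
        ("17.7 (Debian 17.7-1.pgdg120+1)", ["plpgsql"]),             # billing-like
        ("17.8 (Debian 17.8-1.pgdg120+1)", ["plpgsql", "pg_trgm"]),  # after upgrade
    ]
    for version, exts in samples:
        print(f"{version!r:40} {exts!s:24} -> {triage(version, exts)}")
```

In practice the two inputs would be collected per database from the ods-postgres container, for example with `docker exec ods-postgres psql -At -d <dbname> -c "SHOW server_version"` and the same for `PG_TRGM_CHECK_SQL` (assumes psql is available inside the container); the script itself stays offline so it can be run against saved inventory output.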

Security Review

License: PostgreSQL License | Maintenance: ACTIVE | Risk: LOW | Recommendation: USE_WITH_CAUTION

Tags

postgresql cve high buffer-overflow pg_trgm database upgrade-required