Back to search

PostgreSQL

PostgreSQL

See the latest tracked release, confirm when it was published, and subscribe for update emails.

18 Switch to this train 17 Current train 16 Switch to this train 15 Switch to this train 14 Switch to this train
Current version
Last checked: yesterday

17.9

Release date
February 23, 2026
CVE status
4 visible CVEs

Source

endoflife.date

Public release notes are linked for the latest stored release.

View release notes Subscribe to updates

Release history

See the latest published releases stored for this product.

Version Published Notes
17.9 2026-02-23 Release Notes

Vulnerability tracking

Review curated CVEs for this product and see whether the current version is marked affected. Only CVEs with a CVSS score of 7.0 or higher and published in the last 90 days are shown.

CVE Severity Published Status Summary
CVE-2026-2007 HIGH (8.2) 2026-02-12 Current versionnot affected

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.

Affected versions
  • From (including) 18.0 - Up to (excluding) 18.2
CVE-2026-2006 HIGH (8.8) 2026-02-12 Current versionnot affected

Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Affected versions
  • From (including) 14.0 - Up to (excluding) 14.21
  • From (including) 15.0 - Up to (excluding) 15.16
Show 3 more
  • From (including) 16.0 - Up to (excluding) 16.12
  • From (including) 17.0 - Up to (excluding) 17.8
  • From (including) 18.0 - Up to (excluding) 18.2
CVE-2026-2005 HIGH (8.8) 2026-02-12 Current versionnot affected

Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Affected versions
  • From (including) 14.0 - Up to (excluding) 14.21
  • From (including) 15.0 - Up to (excluding) 15.16
Show 3 more
  • From (including) 16.0 - Up to (excluding) 16.12
  • From (including) 17.0 - Up to (excluding) 17.8
  • From (including) 18.0 - Up to (excluding) 18.2
CVE-2026-2004 HIGH (8.8) 2026-02-12 Current versionnot affected

Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

Affected versions
  • From (including) 14.0 - Up to (excluding) 14.21
  • From (including) 15.0 - Up to (excluding) 15.16
Show 3 more
  • From (including) 16.0 - Up to (excluding) 16.12
  • From (including) 17.0 - Up to (excluding) 17.8
  • From (including) 18.0 - Up to (excluding) 18.2