ALPINE-CVE-2026-2003

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2026-2003

Published: 12 Feb 2026, 14:16

Last modified:15 Feb 2026, 20:14

Vulnerability Summary

Overall Risk (default)

low

17/100

CVSS Score

4.3 MEDIUM

3.1 (osv_alpine)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

12 Feb 2026, 14:16

Published

Vulnerability first disclosed

15 Feb 2026, 20:14

Last Modified

Vulnerability information updated

Description

Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.

CVSS Metrics

v3.1•MEDIUM•Score: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Systems

alpine•postgresql15
< 15.16-r0
alpine•postgresql16
< 16.12-r0 | < 16.12-r0 | < 16.12-r0
alpine•postgresql17
< 17.8-r0 | < 17.8-r0 | < 17.8-r0
alpine•postgresql18
< 18.2-r0

References (1)

https://security.alpinelinux.org/vuln/CVE-2026-2003