suse · CVE-2026-2007

Quick triage

Priority: high Published: 2026-03-05 00:19:22 UTC Updated: 2026-04-16 13:38:35 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2026-2007 severity important: SUSE including 132 source package names (docker-28.5.1_ce-slfo.1.1_8.1, docker-buildx-0.29.0-slfo.1.1_8.1, …), 850 product×package rows across 49 product lines (Container suse/manager/5.0/x86_64/server, Container suse/manager/5.0/x86_64/server-migration-14-16, … (49 product lines)): Known Not Affected 657, Fixed 182, First Fixed 11.

Description:

Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and 18.0 are affected.

cvelogic Threat Intelligence