CVE-2026-3172
Vulnerability
pgvector: Information disclosure or denial of service via buffer overflow in parallel HNSW index build
ecosystem: redhat:9, redhat:10
Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.
References
- secalert@redhat.com: https://access.redhat.com/security/cve/CVE-2026-3172
- secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2443037
- secalert@redhat.com: https://github.com/pgvector/pgvector/issues/959
- secalert@redhat.com: https://nvd.nist.gov/vuln/detail/CVE-2026-3172
- secalert@redhat.com: https://www.cve.org/CVERecord?id=CVE-2026-3172
severity: Moderate
type: vendor
source: secalert@redhat.com
CVSS 3.1: 6.8 MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
| Metric | Value |
|---|---|
| AV | Network |
| AC | High |
| PR | Low |
| UI | None |
| S | Not Changed |
| C | High |
| I | None |
| A | High |
source: secalert@redhat.com
CWE
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
source: secalert@redhat.com
published: 2026-02-25 20:59:10
modified: 2026-02-27 02:50:53
Detection
redhat:10
CVE-2026-3172
redhat-vex
OR
unfixed: Under investigation
pgvector
package type: binary
type: version
unfixed: Under investigation
postgresql18-pgvector
package type: source
type: version
tag: rhel-10:21abbb3b-5cf2-0d8d-cf69-e5b8eec58505
redhat:9
CVE-2026-3172
redhat-vex
OR
unfixed: Under investigation
postgresql:16::pgvector
package type: binary
type: version
unfixed: Under investigation
postgresql:16::pgvector
package type: source
type: version
tag: rhel-9-including-unpatched:38644fb1-41f3-e75c-6883-8058b7d52d58
Data Sources
- RedHat Enterprise Linux CSAF VEX
redhat-vex