PoC Exploit Released for 20-Year Old PostgreSQL RCE Vulnerability
RedSide Security May 20, 2026 Vulnerability 89 views
A public proof-of-concept (PoC) exploit has been released for **CVE-2026-2005**, a critical remote code execution vulnerability in PostgreSQL’s **pgcrypto extension**. The flaw stems from a long-standing heap-based buffer overflow in PGP session key parsing and can allow attackers to escalate privileges to PostgreSQL superuser and execute operating system commands under certain conditions.