Multiple vulnerabilities on PostgreSQL

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2026-005 CVE-2026-2003 , CVE-2026-2005 , CVE-2026-2006 02/02/2026 medium v1

Vulnerability details

Several vulnerabilities have been identified in PostgreSQL, impacting SMC.

Impacted products

ProductsSeverityDetail
Stormshield Management Center medium SMC is impacted

Revisions

Version Date Description
v1 Initial release


Stormshield Management Center

CVSS v3.1 Overall Score: 5.8      

Analysis

Impacted version

Several vulnerabilities have been identified by PostgreSQL, which could cause buffer overflows or arbitrary code execution.

An attacker could exploit these vulnerabilities, by sending especially crafted queries to cause these risks on SMC.
  • < SMC 3.9.0

Workaround solution

Solution

There is no workaround solution.

The SMC 3.9.0 update will fix this vulnerability.



Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Local Low High None Unchanged High High High
CVSS Base score: 6.7 CVSS Vector: (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Exploit Code Maturity Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 5.8 CVSS Vector: (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Confidentiality Requirement (CR) Integrity Requirement (IR) Availability Requirement (AR)
High High Medium
CVSS Environmental score: 5.8 CVSS Vector: (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C/CR:H/IR:H/AR:M/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)