AI Uncovers 20-Year-Old Critical Vulnerabilities in PostgreSQL and MariaDB
An AI‑driven security tool discovered high‑severity, remote‑code‑execution flaws in PostgreSQL's pgcrypto extension and MariaDB's JSON schema validation, both dating back over two decades, prompting immediate patch releases and offering mitigation steps for unpatched deployments.
During Wiz's zeroday.cloud event, the AI‑powered security analysis tool Xint Code identified two high‑severity zero‑day vulnerabilities that allow remote code execution (RCE) in widely deployed open‑source databases: the pgcrypto extension of PostgreSQL and the JSON schema validation logic of MariaDB.
PostgreSQL vulnerability (CVE‑2026‑2005) : a heap‑based buffer overflow in the pgcrypto extension can be triggered by specially crafted input that causes a size mismatch, leading to out‑of‑bounds writes on the heap and RCE. The flaw affects all supported PostgreSQL versions and was patched in releases v18.2, v17.8, v16.12, v15.16, and v14.21. It received a CVSS score of 8.8. Researchers note that the vulnerable code has existed since the extension’s first contribution in 2005, over 20 years ago.
Additional PostgreSQL issue (CVE‑2026‑2006) : discovered by the “Team Bugz Bunnies” group, this missing‑validation flaw also enables arbitrary code execution, carries a near‑9 CVSS rating, and was fixed in the same update that addressed CVE‑2026‑2005.
MariaDB vulnerability (CVE‑2026‑32710) : a buffer overflow in the JSON_SCHEMA_VALID() function allows an authenticated user to trigger a crash that can be escalated to RCE under controlled conditions. The bug impacts MariaDB 11.4.1‑11.4.9 and 11.8.1‑11.8.5, with patches released in versions 11.4.10 and 11.8.6. GitHub rates the issue with a CVSS of 8.5, while NIST assigns a score of 9.9. Exploitation requires precise memory‑layout manipulation and is currently feasible only in laboratory environments.
The researchers reported that PostgreSQL powers roughly 80 % of cloud deployments, with 45 % of instances directly exposed to the Internet. Maintainers therefore urge users to upgrade immediately. The article provides version‑checking commands and upgrade instructions:
-- PostgreSQL
SELECT version();
-- MariaDB
SELECT VERSION();

# PostgreSQL (yum)
yum update postgresql-server
# MariaDB (apt)
apt update && apt install mariadb-server

If immediate upgrade is not possible, the authors recommend temporary mitigations:
Disable creation/loading of extensions such as pgcrypto for non‑privileged users.
Enable audit logging and monitor for abnormal PGP decryption or JSON validation requests.
Restrict public exposure of database servers and enforce IP whitelisting.
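As an added example (not code from the article, and not from the PostgreSQL or MariaDB projects), the POSIX shell script below turns the version list and the first mitigation above into something a defender can run: it parses the banners returned by SELECT version() / SELECT VERSION(), reports whether a running release is at or above the patched versions the article names, lists where pgcrypto is already installed in the current database, and lists the non-superuser login roles that could still install it. It assumes psql and the mariadb client are on PATH and connect through their usual environment and config files (PGHOST, PGUSER, ~/.my.cnf); RUN_LIVE, MARIADB_CLIENT and every function name are names chosen for this example. Series the article does not list (for instance PostgreSQL 13 or MariaDB 10.11) are reported as unknown rather than guessed.

```shell
#!/bin/sh
# Added example, not part of the article: compare a server's reported version with
# the patched releases the article names, and inventory pgcrypto exposure.

# First fixed release per series, copied from the article.
PG_FIXED="18.2 17.8 16.12 15.16 14.21"      # CVE-2026-2005 / CVE-2026-2006
MARIADB_FIXED="11.4.10 11.8.6"              # CVE-2026-32710

# version_ge A B: succeed when dotted numeric version A >= B (up to three components).
version_ge() {
    v1="$1.0.0"; v2="$2.0.0"   # pad so "18.2" compares like "18.2.0"
    i=1
    while [ "$i" -le 3 ]; do
        c1=$(printf '%s\n' "$v1" | cut -d. -f"$i")
        c2=$(printf '%s\n' "$v2" | cut -d. -f"$i")
        if [ "$c1" -gt "$c2" ]; then return 0; fi
        if [ "$c1" -lt "$c2" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# Extract "16.9" from the banner that PostgreSQL's SELECT version() returns.
pg_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^PostgreSQL \([0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p'
}

# Extract "11.4.9" from the string MariaDB's SELECT VERSION() returns.
mariadb_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p'
}

# pg_status 16.9 -> patched | vulnerable | unknown (major not in the article's list)
pg_status() {
    major=${1%%.*}
    for fixed in $PG_FIXED; do
        if [ "${fixed%%.*}" = "$major" ]; then
            if version_ge "$1" "$fixed"; then echo patched; else echo vulnerable; fi
            return 0
        fi
    done
    echo unknown
}

# mariadb_status 11.4.9 -> patched | vulnerable | unknown (only 11.4 and 11.8 are listed)
mariadb_status() {
    series=$(printf '%s\n' "$1" | cut -d. -f1-2)
    for fixed in $MARIADB_FIXED; do
        if [ "$(printf '%s\n' "$fixed" | cut -d. -f1-2)" = "$series" ]; then
            if version_ge "$1" "$fixed"; then echo patched; else echo vulnerable; fi
            return 0
        fi
    done
    echo unknown
}

# Live checks need a reachable server, so they run only when RUN_LIVE=1.
run_live_checks() {
    banner=$(psql -tAX -c 'SELECT version();') && {
        v=$(pg_version_from_banner "$banner")
        echo "PostgreSQL $v: $(pg_status "$v")"
        echo "pgcrypto installed in the current database (extname version):"
        psql -tAX -c "SELECT extname || ' ' || extversion FROM pg_extension WHERE extname = 'pgcrypto';"
        # pgcrypto is a trusted extension since PostgreSQL 13, so CREATE on the database is
        # enough to install it: these roles could load it without being superuser.
        echo "non-superuser login roles holding CREATE on a database (role database):"
        psql -tAX -c "SELECT r.rolname || ' ' || d.datname
                      FROM pg_roles r CROSS JOIN pg_database d
                      WHERE NOT r.rolsuper AND r.rolcanlogin AND NOT d.datistemplate
                        AND has_database_privilege(r.rolname, d.datname, 'CREATE');"
    }
    banner=$("${MARIADB_CLIENT:-mariadb}" -N -B -e 'SELECT VERSION();') && {
        v=$(mariadb_version_from_banner "$banner")
        echo "MariaDB $v: $(mariadb_status "$v")"
    }
}

if [ "${RUN_LIVE:-0}" = 1 ]; then
    run_live_checks
fi
```

Run it as RUN_LIVE=1 sh check_db_versions.sh on a host that can reach both servers; without RUN_LIVE it only defines the functions, so the comparison logic can be exercised offline (for example pg_status 16.9 prints vulnerable, mariadb_status 11.4.10 prints patched). Revoking CREATE on the application database from the roles the last query reports is the concrete form of the first mitigation above.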
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact and we will review it promptly.