Security Advisory: PostgreSQL and pgVector Vulnerability
On February 25, 2026, a high-severity vulnerability affecting PostgreSQL and its extension, pgVector, was disclosed. This vulnerability has been assigned a CNA score of 8.1, indicating a significant risk that organizations using these technologies should address promptly.
The affected technologies include:
- PostgreSQL
- pgVector
Notably, no public exploits are currently known, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) database. The exploitation probability percentile stands at 14.5%, suggesting a moderate likelihood of exploitation in the wild.
The vulnerability impacts specific packages and libraries, including:
- pgvector
- postgresql18-pgvector
As organizations assess their security posture, it is advisable to monitor for updates and apply any necessary patches to mitigate potential risks associated with this vulnerability.