{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2026-33815", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "state": "PUBLISHED", "assignerShortName": "Go", "dateReserved": "2026-03-23T20:35:32.814Z", "datePublished": "2026-04-07T15:19:24.344Z", "dateUpdated": "2026-07-09T12:10:01.473Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2026-04-17T18:30:29.157Z" }, "title": "CVE-2026-33815 in github.com/jackc/pgx", "descriptions": [ { "lang": "en", "value": "Memory-safety vulnerability in github.com/jackc/pgx/v5." } ], "affected": [ { "vendor": "github.com/jackc/pgx/v5", "product": "github.com/jackc/pgx/v5/pgproto3", "collectionURL": "https://pkg.go.dev", "packageName": "github.com/jackc/pgx/v5/pgproto3", "versions": [ { "version": "0", "lessThan": "5.9.0", "status": "affected", "versionType": "semver" } ], "programRoutines": [ { "name": "Bind.Decode" }, { "name": "Backend.Receive" } ], "defaultStatus": "unaffected" } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "description": "CWE-129 — Improper Validation of Array Index" } ] } ], "references": [ { "url": "https://pkg.go.dev/vuln/GO-2026-4771" } ] }, "adp": [ { "metrics": [ { "cvssV3_1": { "scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH" } }, { "other": { "type": "ssvc", "content": { "timestamp": "2026-04-09T14:21:42.714758Z", "id": "CVE-2026-33815", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-14T16:04:02.725Z" } }, { "affected": [ { "cpes": [ "cpe:/a:redhat:cryostat:4::el9" ], "defaultStatus": "affected", "product": "Cryostat 4 on RHEL 9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:edge_manager:1.0::el9" ], "defaultStatus": "affected", "product": "RHEM 1.0 for RHEL 9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9" ], "defaultStatus": "affected", "product": "Custom Metric Autoscaler 2.19", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:multicluster_globalhub:1.3::el9" ], "defaultStatus": "affected", "product": "Multicluster Global Hub 1.3.4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:multicluster_globalhub:1.7::el9" ], "defaultStatus": "affected", "product": "Multicluster Global Hub 1.7.1", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:acm:2.15::el9" ], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Management for Kubernetes 2.15", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:acm:2.16::el9" ], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Management for Kubernetes 2.16", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.10::el8" ], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Security for Kubernetes 4.10", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.8::el8" ], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4.9::el8" ], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:trusted_artifact_signer:1.3::el9" ], "defaultStatus": "affected", "product": "Red Hat Trusted Artifact Signer 1.3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2" ], "defaultStatus": "affected", "product": "Custom Metric Autoscaler operator for Red Hat Openshift", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:multicluster_engine" ], "defaultStatus": "affected", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:multicluster_globalhub" ], "defaultStatus": "affected", "product": "Multicluster Global Hub", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_pipelines:1" ], "defaultStatus": "affected", "product": "OpenShift Pipelines", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:red_hat_3scale_amp:2" ], "defaultStatus": "affected", "product": "Red Hat 3scale API Management Platform 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4" ], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Security 4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:edge_manager:1" ], "defaultStatus": "affected", "product": "Red Hat Edge Manager 1", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:10" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:hummingbird:1" ], "defaultStatus": "affected", "product": "Red Hat Hardened Images", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_ai" ], "defaultStatus": "affected", "product": "Red Hat OpenShift AI (RHOAI)", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_data_foundation:4" ], "defaultStatus": "affected", "product": "Red Hat Openshift Data Foundation 4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:trusted_artifact_signer:1" ], "defaultStatus": "affected", "product": "Red Hat Trusted Artifact Signer", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:zero_trust_workload_identity_manager:0" ], "defaultStatus": "affected", "product": "Zero Trust Workload Identity Manager - Tech Preview", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:quay:3" ], "defaultStatus": "unaffected", "product": "Red Hat Quay 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:zero_trust_workload_identity_manager:1" ], "defaultStatus": "unaffected", "product": "Zero Trust Workload Identity Manager", "vendor": "Red Hat" } ], "datePublic": "2026-04-07T15:19:24.344Z", "descriptions": [ { "lang": "en", "value": "A flaw was found in github.com/jackc/pgx. This memory-safety vulnerability could potentially lead to unexpected behavior or system instability." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2026-33815" }, { "name": "RHBZ#2455975", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455975" }, { "tags": [ "x_sadp-csaf-vex" ], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33815.json" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:17789" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:36796" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:26636" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:22423" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:24503" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:24539" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:25273" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:13829" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:11070" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:11217" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:13791" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:24479" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:24475" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:24482" } ], "solutions": [ { "lang": "en", "value": "RHSA-2026:17789: Cryostat 4 on RHEL 9" }, { "lang": "en", "value": "RHSA-2026:36796: RHEM 1.0 for RHEL 9" }, { "lang": "en", "value": "RHSA-2026:26636: Custom Metric Autoscaler 2.19" }, { "lang": "en", "value": "RHSA-2026:22423: Multicluster Global Hub 1.3.4" }, { "lang": "en", "value": "RHSA-2026:24503: Multicluster Global Hub 1.7.1" }, { "lang": "en", "value": "RHSA-2026:24539: Red Hat Advanced Cluster Management for Kubernetes 2.15" }, { "lang": "en", "value": "RHSA-2026:25273: Red Hat Advanced Cluster Management for Kubernetes 2.16" }, { "lang": "en", "value": "RHSA-2026:13829: Red Hat Advanced Cluster Security for Kubernetes 4.10" }, { "lang": "en", "value": "RHSA-2026:11070: Red Hat Advanced Cluster Security for Kubernetes 4.8" }, { "lang": "en", "value": "RHSA-2026:11217: Red Hat Advanced Cluster Security for Kubernetes 4.8" }, { "lang": "en", "value": "RHSA-2026:13791: Red Hat Advanced Cluster Security for Kubernetes 4.9" }, { "lang": "en", "value": "RHSA-2026:24479: Red Hat Trusted Artifact Signer 1.3" }, { "lang": "en", "value": "RHSA-2026:24475: Red Hat Trusted Artifact Signer 1.3" }, { "lang": "en", "value": "RHSA-2026:24482: Red Hat Trusted Artifact Signer 1.3" } ], "timeline": [ { "lang": "en", "time": "2026-04-07T16:01:25.130Z", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2026-04-07T15:19:24.344Z", "value": "Made public." } ], "title": "github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_adpType": "supplier", "x_generator": { "engine": "sadp-cli 1.0.0" }, "providerMetadata": { "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-07-09T12:10:01.473Z" } } ] } }