{"id":16173,"date":"2026-05-05T11:55:54","date_gmt":"2026-05-05T11:55:54","guid":{"rendered":"https:\/\/newestek.com\/?p=16173"},"modified":"2026-05-05T11:55:54","modified_gmt":"2026-05-05T11:55:54","slug":"ai-finds-20-year-old-bugs-in-postgresql-and-mariadb","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=16173","title":{"rendered":"AI finds 20-year-old bugs in PostgreSQL and MariaDB"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>Open-source databases are facing a bit of a memory problem as AI helps surface decades-old buffer overflow issues in widely used components. Security researchers have disclosed a set of high and critical-severity vulnerabilities affecting PostgreSQL and MariaDB, with two bugs reportedly tracing their roots back more than 20 years.<\/p>\n<p>At Wiz\u2019s zeroday.cloud hacking event, researchers using the AI-powered security analysis tool \u201c<a href=\"https:\/\/code.xint.io\/\" target=\"_blank\" rel=\"noreferrer noopener\">Xint Code<\/a>\u201d found a high-severity zero-day bug in PostgreSQL\u2019s \u201cpgcrypto\u201d extension, and a heap buffer overflow in MariaDB\u2019s JSON schema validation logic, both allowing remote code execution (RCE) on respective database servers.<\/p>\n<p>The Xint Code team also uncovered a missing validation bug in PostgreSQL, hidden for 20 years, allowing attackers to write arbitrary code.<\/p>\n<p>Patches have been released for all these flaws, with both PostgreSQL and MariaDB maintainers urging users to upgrade to fixed versions immediately.<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>More than one crack in PostgreSQL\u2019s foundation<\/h2>\n<p>The more pressing of the PostgreSQL zero-day flaws is a 
heap-based buffer overflow issue, tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-2005\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-2005<\/a>, in the \u201cpgcrypto\u201d extension. By using specially crafted input, an attacker can trigger a size mismatch that leads to out-of-bounds writes on the heap, researchers said in a blog <a href=\"https:\/\/www.zeroday.cloud\/blog\/postgres-xint\" target=\"_blank\" rel=\"noreferrer noopener\">post<\/a>.<\/p>\n<p>In environments where pgcrypto processes user-controlled input, this can be leveraged to achieve remote code execution on the database server.<\/p>\n<p>The flaw affected all supported versions and has been fixed in updates including v18.2, v17.8, v16.12, v15.16, and v14.21. It received a high-severity rating of CVSS 8.8 out of 10. \u201cThe vulnerable code has been present since pgcrypto was first contributed in 2005, more than 20 years ago,\u201d the researchers added.<\/p>\n<p>This wasn\u2019t the only flaw reported in PostgreSQL. Another group of researchers competing as \u201cTeam Bugz Bunnies\u201d at the Wiz event found a missing validation bug, tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-2006\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2026-2006<\/a>, that allows execution of arbitrary code. The flaw received a CVSS severity rating of nearly 9 and was patched in the same updates that fixed CVE-2026-2005.<\/p>\n<p>PostgreSQL maintainers <a href=\"https:\/\/www.postgresql.org\/support\/security\/CVE-2026-2005\/\" target=\"_blank\" rel=\"noreferrer noopener\">urged<\/a> customers to patch the flaws quickly, as they became public after going unnoticed for years and attackers have access to exploit code. 
The flaws were fixed in February, but a Wiz analysis found that 80% of cloud environments use PostgreSQL, with 45% directly exposed to the internet.<\/p>\n<h2 class=\"wp-block-heading\" id=\"inadequate-json-parsing-allowed-rce-on-the-mariadb-server\">Inadequate JSON parsing allowed RCE on the MariaDB server<\/h2>\n<p>In MariaDB, a buffer overflow bug, tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-32710\">CVE-2026-32710<\/a>, was found using Xint Code in the JSON_SCHEMA_VALID() function. The vulnerability allows an authenticated user to trigger a crash, which, under controlled conditions, could be escalated into remote code execution.<\/p>\n<p>Compared to the PostgreSQL flaws, exploitation here is less straightforward. Successful code execution would require manipulation of memory layout, achievable only in \u201clab environments.\u201d \u201cAny user who can open a SQL session \u2014 whether through stolen credentials, SQL injection, or lateral movement \u2014 can reach this code path with a single function call,\u201d Team Xint Code said in a separate blog <a href=\"https:\/\/www.zeroday.cloud\/blog\/mariadb-cve-2026-32710-deep-dive\">post<\/a>.<\/p>\n<p>MariaDB versions 11.4.1-11.4.9 and 11.8.1-11.8.5 are affected, with fixes rolled out in 11.4.10 and 11.8.6, respectively. <a href=\"https:\/\/github.com\/MariaDB\/server\/security\/advisories\/GHSA-4rj5-2227-9wgc\">GitHub<\/a> assessed the flaw as high severity at 8.5, while <a href=\"https:\/\/www.csoonline.com\/article\/4159882\/nist-cuts-down-cve-analysis-amid-vulnerability-overload.html\">NIST<\/a> rated it critical, with a base CVSS score of 9.9 out of 10.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Open-source databases are facing a bit of a memory problem as AI helps surface decades-old buffer overflow issues in widely used components. 
Security researchers have disclosed a set of high and critical-severity vulnerabilities affecting PostgreSQL and MariaDB, with two bugs reportedly tracing their roots back more than 20 years. At Wiz\u2019s zeroday.cloud hacking event, researchers using the AI-powered security analysis tool \u201cXint Code\u201d found a&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=16173\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-16173","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/16173","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16173"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/16173\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16173"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16173"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16173"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}