CVE-2026-32286

Published March 26th, 2026

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

N/A

Affected

PROJECTS

Description

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.

jackc/pgx

PostgreSQL driver and toolkit for Go

GitHub

13.9K

golang/vulndb

[mirror] The Go Vulnerability Database

GitHub

601