PostgreSQL and MariaDB vulnerabilities prompt immediate patch releases
Updated · InfoWorld · May 5
At Wiz’s zeroday.cloud event, Xint Code found PostgreSQL flaws CVE-2026-2005 and CVE-2026-2006, plus MariaDB CVE-2026-32710, with two bugs dating back more than 20 years.
The PostgreSQL bugs can enable remote or arbitrary code execution and affect all supported releases; fixes shipped in versions including 18.2, 17.8 and 14.21. MariaDB fixed the affected 11.4 and 11.8 branches.
Maintainers urged rapid upgrades because exploit code is available, while Wiz said 80% of cloud environments use PostgreSQL and 45% are directly exposed to the internet.
If critical database flaws can hide for decades, what other 'zombie' code is lurking in the software we use daily?
As AI accelerates vulnerability discovery, is the era of 'Patch Tuesday' over, forcing a move to 'Patch Everyday'?
With AI finding 20-year-old bugs, is it our greatest security threat or our best new defense?
2026 Database Security Crisis: Exploitable PostgreSQL and MariaDB Flaws Threaten Full System Compromise
Overview
In early 2026, critical vulnerabilities were discovered in PostgreSQL and MariaDB databases, allowing attackers with basic access to execute arbitrary code or system commands. PostgreSQL's flaws in the pgcrypto extension and UTF-8 handling enable deep system compromise, while MariaDB's JSON_SCHEMA_VALID() bug can crash servers and, under certain conditions, allow remote code execution. Successful exploitation leads to severe security breaches that threaten business continuity, regulatory compliance, customer trust, and contractual obligations. Despite patches released in February 2026, unpatched systems remain at high risk, emphasizing the urgent need for immediate updates to protect sensitive data and prevent widespread damage.