CVE-2026-32286

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Mar 26, 2026

Vendor unknown

Description

The DataRow.Decode function fails to properly validate field lengths. A malicious or compromised PostgreSQL server can send a DataRow message with a negative field length, causing a slice bounds out of range panic.

References

https://github.com/golang/vulndb/issues/4518
https://github.com/jackc/pgx/issues/2507
https://pkg.go.dev/vuln/GO-2026-4518