CVE-2026-2006 — Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffer overrun. That suffices to execute arbitrary code — CVE Database · The Intelligence Room