What the vulnerability does

01Description

A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.

Key dates

02Disclosure timeline

March 12, 2026 CVE published
May 10, 2026 Record updated