AI finds 20-year-old bugs in PostgreSQL and MariaDB

Summary

Researchers at Wiz's zeroday.cloud event used an AI tool called Xint Code to discover several high- and critical-severity vulnerabilities in PostgreSQL and MariaDB. These vulnerabilities, including heap buffer overflows and missing-validation flaws, can lead to remote code execution, and some have existed for over 20 years. Patches have been released and users are urged to upgrade immediately.

IFF Assessment

FOE

This article highlights critical vulnerabilities in widely used database systems that attackers could exploit, representing a threat to the systems defenders protect.

Severity

8.8 High

The article explicitly states CVE-2026-2005 received a high-severity rating of CVSS 8.8, indicating a significant risk of remote code execution on database servers when pgcrypto processes user-controlled input.

Defender Context

This discovery underscores the importance of regularly auditing and patching widely used open-source software, especially core infrastructure like databases. Defenders should prioritize updating PostgreSQL and MariaDB instances to mitigate the risk of remote code execution. The involvement of AI in finding these long-standing bugs suggests a future where AI could significantly accelerate vulnerability discovery, impacting both offensive and defensive capabilities.