CVE-2026-3172
Published: 25 February 2026
Summary
CVE-2026-3172 is a high-severity Wrap or Wraparound (CWE-191) vulnerability. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 17.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Similarity Search; in the Privacy and Disclosure risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).
Deeper analysis
CVE-2026-3172 is a buffer overflow vulnerability in the parallel HNSW index build feature of the pgvector PostgreSQL extension, affecting versions 0.6.0 through 0.8.1. pgvector provides vector similarity search capabilities, often used for AI/ML workloads involving embedding storage and retrieval. The flaw arises from inadequate bounds checking during parallel Hierarchical Navigable Small World (HNSW) index construction, potentially leading to memory corruption as mapped to CWE-191 (Integer Underflow or Wraparound) and CWE-787 (Out-of-bounds Write). It was published on 2026-02-25 with a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
A database user with low privileges can exploit this remotely over the network without user interaction. By triggering the vulnerable parallel HNSW index build—such as via CREATE INDEX in parallel mode—they can leak sensitive data from other relations (high confidentiality impact) or crash the PostgreSQL server (high availability impact), resulting in denial of service.
The GitHub issue at https://github.com/pgvector/pgvector/issues/959 serves as the primary reference, documenting the vulnerability and likely including patch details or mitigation guidance from the pgvector maintainers.
This issue holds relevance for AI/ML deployments relying on pgvector for vector databases, but no real-world exploitation is noted in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-8743
Vulnerability details
Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Similarity Search
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: pgvector
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in exposed pgvector/Postgres extension directly enables remote exploitation of public-facing app (T1190), unauthorized data leaks from database relations (T1213.006), and DoS via targeted application crash (T1499.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Flaw remediation requires patching pgvector versions 0.6.0 through 0.8.1 to directly fix the buffer overflow in parallel HNSW index builds.
Secure PostgreSQL configuration settings, such as max_parallel_maintenance_workers=0, prevent triggering of vulnerable parallel HNSW index builds.
Memory protection safeguards like stack canaries and ASLR mitigate exploitation of the buffer overflow for data leaks or server crashes.