Cyber Posture

CVE-2026-3172

Severity: High
Published: 25 February 2026
Modified: 15 April 2026
KEV Added: not listed
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0006 (19.6th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-3172 is a high-severity Integer Underflow (Wrap or Wraparound, CWE-191) vulnerability. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 19.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and two other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

prevent: SI-2 Flaw Remediation. Patch pgvector versions 0.6.0 through 0.8.1 to fix the buffer overflow in parallel HNSW index builds directly.

prevent: CM-6 Configuration Settings. Hardened PostgreSQL settings such as max_parallel_maintenance_workers=0 prevent the vulnerable parallel HNSW index build from being triggered.

prevent: Memory protection safeguards such as stack canaries and ASLR mitigate exploitation of the buffer overflow for data leaks or server crashes.
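As an added example (not code from this advisory or from the pgvector project), a POSIX shell check that compares an installed pgvector version with the affected range 0.6.0 through 0.8.1 stated above and reports whether the max_parallel_maintenance_workers=0 workaround is in place. The optional live query assumes psql is on PATH and that the connection comes from the usual PG* environment variables.

```shell
#!/bin/sh
# Added example, not from the advisory or pgvector. Affected range 0.6.0..0.8.1
# and the max_parallel_maintenance_workers=0 workaround are taken from the advisory.

# Returns 0 when VERSION lies in 0.6.0..0.8.1 inclusive, 1 when it is
# outside, 2 when it cannot be parsed. Components are compared numerically
# so that 0.10.0 is not misread as older than 0.8.1 by string comparison.
pgvector_affected() {
    ver=$1
    major=${ver%%.*}; rest=${ver#"$major"}; rest=${rest#.}
    minor=${rest%%.*}; rest=${rest#"$minor"}; rest=${rest#.}
    patch=${rest%%.*}; patch=${patch%%[!0-9]*}   # drop suffixes like -rc1
    major=${major:-0}; minor=${minor:-0}; patch=${patch:-0}
    case "$major$minor$patch" in *[!0-9]*) return 2 ;; esac
    n=$((major * 1000000 + minor * 1000 + patch))
    [ "$n" -ge 6000 ] && [ "$n" -le 8001 ]
}

# Returns 0 when the max_parallel_maintenance_workers value (0) rules out
# parallel index builds, 1 otherwise.
parallel_builds_disabled() { [ "${1:-}" = "0" ]; }

# Combines both checks. Returns 0 when the version is outside the affected
# range, 1 when it is affected but parallel builds are disabled (a
# workaround only; the advisory still calls for patching), 2 when it is
# affected and exposed, 3 when the version string could not be parsed.
assess() {
    ver=$1; workers=$2
    pgvector_affected "$ver" && aff=0 || aff=$?
    case $aff in
        2) echo "pgvector '$ver': unparseable version, check manually"; return 3 ;;
        1) echo "pgvector $ver: outside the affected range 0.6.0-0.8.1"; return 0 ;;
    esac
    if parallel_builds_disabled "$workers"; then
        echo "pgvector $ver: affected; parallel HNSW builds disabled, upgrade still required"
        return 1
    fi
    echo "pgvector $ver: affected and max_parallel_maintenance_workers=$workers; patch now"
    return 2
}

# Live check (assumes psql on PATH and the usual PG* connection environment
# variables for the target database). Run as: sh check_pgvector.sh --live
if [ "${1:-}" = "--live" ]; then
    ver=$(psql -XAt -c "SELECT extversion FROM pg_extension WHERE extname = 'vector'")
    workers=$(psql -XAt -c "SHOW max_parallel_maintenance_workers")
    assess "$ver" "$workers"
fi
```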

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1213.006 Databases (Collection)
Adversaries may leverage databases to mine valuable information.

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

A buffer overflow in an exposed pgvector/PostgreSQL extension directly enables remote exploitation of a public-facing application (T1190), unauthorized data leaks from other database relations (T1213.006), and denial of service through a targeted application crash (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.

Deeper analysis [AI-generated]

CVE-2026-3172 is a buffer overflow vulnerability in the parallel HNSW index build feature of the pgvector PostgreSQL extension, affecting versions 0.6.0 through 0.8.1. pgvector provides vector similarity search capabilities, often used for AI/ML workloads involving embedding storage and retrieval. The flaw arises from inadequate bounds checking during parallel Hierarchical Navigable Small World (HNSW) index construction, potentially leading to memory corruption as mapped to CWE-191 (Integer Underflow or Wraparound) and CWE-787 (Out-of-bounds Write). It was published on 2026-02-25 with a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).

A database user with low privileges can exploit this remotely over the network without user interaction. By triggering the vulnerable parallel HNSW index build, for example via CREATE INDEX in parallel mode, they can leak sensitive data from other relations (high confidentiality impact) or crash the PostgreSQL server (high availability impact), resulting in denial of service.

The GitHub issue at https://github.com/pgvector/pgvector/issues/959 serves as the primary reference, documenting the vulnerability and likely including patch details or mitigation guidance from the pgvector maintainers.

This issue holds relevance for AI/ML deployments relying on pgvector for vector databases, but no real-world exploitation is noted in the available information.

Details

CWE(s): CWE-191 (Integer Underflow or Wraparound), CWE-787 (Out-of-bounds Write)

CVEs Like This One

CVE-2025-29909 (shared: CWE-191, CWE-787)
CVE-2026-29078 (shared: CWE-191, CWE-787)
CVE-2025-1924 (shared: CWE-191, CWE-787)
CVE-2026-25990 (shared: CWE-787)
CVE-2025-0728 (shared: CWE-191)
CVE-2026-27816 (shared: CWE-787)
CVE-2026-25986 (shared: CWE-787)
CVE-2025-25901 (shared: CWE-787)
CVE-2025-67269 (shared: CWE-191)
CVE-2026-32636 (shared: CWE-787)

References

https://github.com/pgvector/pgvector/issues/959