Cyber Resilience

CVE-2026-3172

Severity: High
Published: 25 February 2026
Modified: 15 April 2026
KEV Added: not listed
Patch
CVSS v3.1 Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
EPSS Score: 0.0026 (17.5th percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-3172 is a high-severity Integer Underflow (Wrap or Wraparound) (CWE-191) vulnerability. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 17.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised as Similarity Search, in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2026-3172 is a buffer overflow vulnerability in the parallel HNSW index build feature of the pgvector PostgreSQL extension, affecting versions 0.6.0 through 0.8.1. pgvector provides vector similarity search capabilities, often used for AI/ML workloads involving embedding storage and retrieval. The flaw arises from inadequate bounds checking during parallel Hierarchical Navigable Small World (HNSW) index construction, potentially leading to memory corruption as mapped to CWE-191 (Integer Underflow or Wraparound) and CWE-787 (Out-of-bounds Write). It was published on 2026-02-25 with a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).

A database user with low privileges can exploit this remotely over the network without user interaction. By triggering the vulnerable parallel HNSW index build, such as via CREATE INDEX in parallel mode, they can leak sensitive data from other relations (high confidentiality impact) or crash the PostgreSQL server (high availability impact), resulting in denial of service.

The GitHub issue at https://github.com/pgvector/pgvector/issues/959 serves as the primary reference, documenting the vulnerability and likely including patch details or mitigation guidance from the pgvector maintainers.

This issue holds relevance for AI/ML deployments relying on pgvector for vector databases, but no real-world exploitation is noted in the available information.

Vulnerability details

Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.

CWE(s)

CWE-191 Integer Underflow (Wrap or Wraparound); CWE-787 Out-of-bounds Write
AI Security Analysis

AI Category: Similarity Search
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: pgvector

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1213.006 Databases (Collection): Adversaries may leverage databases to mine valuable information.
T1499.004 Application or System Exploitation (Impact): Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The buffer overflow in an exposed pgvector/PostgreSQL extension directly enables remote exploitation of a public-facing application (T1190), unauthorized data leaks from database relations (T1213.006), and denial of service via a targeted application crash (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-29909 (shared: CWE-191, CWE-787)
CVE-2026-29078 (shared: CWE-191, CWE-787)
CVE-2025-1924 (shared: CWE-191, CWE-787)
CVE-2025-25901 (shared: CWE-787)
CVE-2025-32008 (shared: CWE-787)
CVE-2026-27664 (shared: CWE-787)
CVE-2024-13166 (shared: CWE-787)
CVE-2019-25654 (shared: CWE-787)
CVE-2024-24423 (shared: CWE-787)
CVE-2025-67269 (shared: CWE-191)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-2 Flaw Remediation): Flaw remediation requires patching pgvector versions 0.6.0 through 0.8.1 to directly fix the buffer overflow in parallel HNSW index builds.

Prevent (CM-6 Configuration Settings): Secure PostgreSQL configuration settings, such as max_parallel_maintenance_workers=0, prevent triggering of vulnerable parallel HNSW index builds.

Prevent: Memory protection safeguards like stack canaries and ASLR mitigate exploitation of the buffer overflow for data leaks or server crashes.
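A defender's check-and-mitigate script for the patch (SI-2) and configuration (CM-6) controls above, added here as an example; it is not part of this advisory or of the pgvector project. It assumes the extension is installed under its default name vector and that the operator can run ALTER SYSTEM and ALTER EXTENSION; because max_parallel_maintenance_workers is a session-settable GUC, the configuration change is interim hardening and the version upgrade remains the fix.

```sql
-- Added example (not from the advisory or pgvector): run in psql as a superuser.
-- Assumes the extension name is 'vector' and that a fixed pgvector release has
-- been installed on the host before step 4.

-- 1. Is the installed pgvector inside the affected range 0.6.0 .. 0.8.1?
--    pgvector versions are dotted integers, so element-wise int[] comparison works.
SELECT extversion,
       string_to_array(extversion, '.')::int[]
           BETWEEN ARRAY[0,6,0] AND ARRAY[0,8,1] AS affected
FROM pg_extension
WHERE extname = 'vector';

-- 2. Current server default for parallel maintenance and where it comes from.
--    context = 'user' means any session may override it with SET, which is why
--    the workaround in step 3 does not replace patching.
SELECT name, setting, context, source
FROM pg_settings
WHERE name = 'max_parallel_maintenance_workers';

-- 3. Interim workaround (CM-6): make non-parallel index builds the default
--    cluster-wide, without a restart.
ALTER SYSTEM SET max_parallel_maintenance_workers = 0;
SELECT pg_reload_conf();
SHOW max_parallel_maintenance_workers;  -- 0 once the reload is picked up

-- 4. Permanent fix (SI-2): upgrade the extension objects in every database
--    that has it installed, then re-run step 1 to confirm affected = false.
ALTER EXTENSION vector UPDATE;
SELECT extversion FROM pg_extension WHERE extname = 'vector';
```

Step 1 must be repeated per database, since pg_extension is database-local; step 3 is cluster-wide once reloaded.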

References

https://github.com/pgvector/pgvector/issues/959