HIGHRemediated

CVE-2026-0447

Row security policy bypass via parallel query

Technology

PostgreSQL

CVSS Score

7.7 / 10.0

Affected Versions

12.0 – 12.18

Patched In

OSSeva for PostgreSQL 12.18-osseva-1

Published

February 20, 2026

Remediated

March 8, 2026 (1mo ago)

Description

PostgreSQL's row-level security policies can be bypassed when a query uses parallel execution plans, allowing an authenticated low-privilege user to read rows they should not have access to.

Is your PostgreSQL deployment affected?

If you're running 12.0 – 12.18, you need this patch. Book a discovery call to get covered.

Book a discovery call View PostgreSQL coverage →