CVE-2026-21708NVD

A vulnerability allowing a Backup Viewer to perform remote code execution (RCE) as the postgres user.

Severity Level

CRITICAL(9.9)

Published Date

Mar 12, 2026

Last Modified

May 10, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

Improper neutralization of special elements used in an SQL command, allowing attackers to modify queries.

EPSS Score (30-Day)

1.52%Probability

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityLow