{"id":"CLEANSTART-2026-HJ04971","summary":"vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT","details":"Multiple security vulnerabilities affect the postgresql package. A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. See references for individual vulnerability details.","modified":"2026-04-02T13:31:29.870705Z","published":"2026-01-30T17:21:56.808972Z","upstream":["CVE-2017-15098","CVE-2017-15099","CVE-2017-7484","CVE-2017-7485","CVE-2017-7486","CVE-2017-7546","CVE-2017-7547","CVE-2017-7548","CVE-2018-1052","CVE-2018-1058","CVE-2018-16850","CVE-2019-10129","CVE-2019-10130","CVE-2019-10208","CVE-2019-10209","CVE-2020-14349","CVE-2020-14350","CVE-2020-25694","CVE-2020-25695","CVE-2020-25696","CVE-2021-20229","CVE-2021-23214","CVE-2021-32027","CVE-2021-32028","CVE-2021-32029","CVE-2021-3393","CVE-2021-3677","CVE-2022-2625","CVE-2022-41862","CVE-2023-2454","CVE-2023-2455","CVE-2023-39418","CVE-2023-5870","CVE-2024-7348"],"database_specific":{},"references":[{"type":"ADVISORY","url":"https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-HJ04971"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2017-15098"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2017-15099"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2017-7484"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2017-7485"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2017-7486"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2017-7546"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2017-7547"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2017-7548"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-1052"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-1058"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2018-16850"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2019-10129"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2019-10130"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2019-10208"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2019-10209"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-14349"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-14350"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-25694"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-25695"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2020-25696"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2021-20229"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2021-23214"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2021-32027"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2021-32028"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2021-32029"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2021-3393"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2021-3677"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-2625"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2022-41862"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2023-2454"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2023-2455"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2023-39418"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2023-5870"},{"type":"WEB","url":"https://osv.dev/vulnerability/CVE-2024-7348"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15098"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15099"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7484"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7485"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7486"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7546"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7547"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7548"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1052"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1058"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16850"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10129"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10130"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10208"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10209"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14349"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14350"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25694"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25695"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25696"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-20229"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23214"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32027"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32028"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32029"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3393"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3677"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2625"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41862"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2454"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2455"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39418"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5870"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7348"}],"affected":[{"package":{"name":"postgresql","ecosystem":"CleanStart"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.6.4-r0"}]}],"database_specific":{"source":"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-HJ04971.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}