Heap Use After Free in openGauss Database due to NLS Parameter Handling
CVE-2026-14178

5.9MEDIUM

Key Information:

Vendor: Opengauss-server
Status: Opengauss-server-7.0.0-rc2; Opengauss-server-7.0.0-rc1; Opengauss-server-7.0.0-rc3
Vendor: CVE Published:; 30 June 2026

🔔 Create Opengauss-server Vulnerability Alert

What is CVE-2026-14178?

The openGauss database experiences a vulnerability in the handling of NLS parameters particularly with the to_timestamp function. When NLS parameters are processed using the to_timestamp_with_fmt_nls() function, a critical oversight allows the nls_fmt_str to be stored in an inappropriate memory context. Once the SeqScan operation completes, this context is reset. However, the subsequent output phase attempts to access the released memory, leading to a heap use after free scenario. Attackers with SQL execution permissions can exploit this flaw by crafting specific queries involving the to_timestamp function, which upon execution may cause unpredictable database service interruptions, manifesting as abrupt terminations of backend processes. This presents a serious availability risk for the database service. Users of openGauss-server-7.0.0-RC1 and openGauss-server-7.0.0-RC2 are advised to upgrade to openGauss-server-7.0.0-RC3 or later to mitigate this issue.

Affected Version(s)

openGauss-server-7.0.0-RC1 openEuler openGauss-server-7.0.0-RC1

openGauss-server-7.0.0-RC2 openEuler openGauss-server-7.0.0-RC2

openGauss-server-7.0.0-RC3 openEuler Centos openGauss-server-7.0.0-RC3

References

https://gitcode.com/opengauss/openGauss-server/pull/8877

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2026
Vulnerability Reserved
Jun 30, 2026

CVE-2026-14178 Data

JSON