Postgresql 16.11 vulnerable to CVE-2026-2003 - CVE-2026-2006

Nessus has caught that the embedded version of Postgresql (16.11) used in GitLab v18.x, including in the latest patch releases v18.8.5 and v18.9.1, is vulnerable to multiple high and medium risk vulnerabilities:

• CVE-2026-2003
• CVE-2026-2004
• CVE-2026-2005
• CVE-2026-2006

Remediation could be updating the embedded version to 16.12.