ClickHouse ↗

ClickHouse · Database

Track your version:Monitors ClickHouse and tailors your dashboard to that exact version.

26.5.2.39 · latest cycle100/100 Healthy

Summary iPlain-English security verdict for ClickHouse, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.

ClickHouse currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 26.5.2.39. It's on the latest patch with no significant known issues — keep it current.

Disclosure trend iNew CVEs published for ClickHouse each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.

'19

'20

'21

'22

'23

'24

'25

'26

Patch priority — what to act on iThe issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.

Most urgent first — actively exploited, then likeliest to be exploited.

CVE-2018-14671 CRITICAL Improper input validation EPSS 3% → fixed in 18.10.3 CVE-2018-14670 CRITICAL CWE-285 EPSS 2% → fixed in 1.1.54131 CVE-2019-16535 CRITICAL Out-of-bounds read EPSS 2% → fixed in 19.14

See all 23 known ClickHouse CVEs & security history →

Get alerted about ClickHouse

Be emailed the moment ClickHouse gets a newly exploited vulnerability (CISA KEV) or a release reaches end of life. Free · double opt-in · unsubscribe anytime.

We email only on real events for ClickHouse — no marketing, no sharing, and we never know what you run. Track your whole stack →

Versions & lifecycle iWhen each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.

How long each ClickHouse release line is supported — and when it sunsets. Select a line for its full report.

Mar26'27 ClickHouse 26.3EOL 2027-03-26

Aug29'26 ClickHouse 25.8EOL 2026-08-29

May21'26 ClickHouse 26.2ended 2026-05-21

May5'26 ClickHouse 26.1ended 2026-05-05

Mar26'26 ClickHouse 25.12ended 2026-03-26

Mar20'26 ClickHouse 25.3ended 2026-03-20

Feb27'26 ClickHouse 25.11ended 2026-02-27

Jan30'26 ClickHouse 25.10ended 2026-01-30

Dec18'25 ClickHouse 25.9ended 2025-12-18

Nov1'25 ClickHouse 25.7ended 2025-11-01

Sept27'25 ClickHouse 25.6ended 2025-09-27

Aug29'25 ClickHouse 25.5ended 2025-08-29

Full ClickHouse end-of-life dates & support timeline →

26.5 latest 26.5.2.39 Supported 26.5.2.39 → 26.4 latest 26.4.4.38 Supported 26.4.4.38 → 26.3 latest 26.3.13.31 Supported until 2027-03-2626.3.13.31 → 26.2 latest 26.2.19.43 End of life ended 2026-05-2126.2.19.43 → 26.1 latest 26.1.12.23 End of life ended 2026-05-0526.1.12.23 → 25.12 latest 25.12.12.1 End of life ended 2026-03-2625.12.12.1 → 25.11 latest 25.11.9.34 End of life ended 2026-02-2725.11.9.34 → 25.10 latest 25.10.7.6 End of life ended 2026-01-3025.10.7.6 → 25.9 latest 25.9.7.56 End of life ended 2025-12-1825.9.7.56 → 25.8 latest 25.8.24.21 Supported until 2026-08-2925.8.24.21 → See all upcoming end-of-life dates →

Frequently asked

Is ClickHouse safe and patched?

What should I do about ClickHouse now?

Upgrade ClickHouse to the latest supported release (26.5.2.39) or later and apply available security updates, then confirm against ClickHouse's official advisory.

When does ClickHouse reach end-of-life?

The latest supported ClickHouse release is 26.5.2.39. After end-of-life a release no longer receives security patches.

Which versions of ClickHouse are still receiving security updates?

Supported ClickHouse release lines (latest 26.5.2.39): 26.5, 26.4, 26.3, 25.8. End-of-life releases no longer receive security patches.

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against ClickHouse's official advisory before you patch or upgrade — ClickHouse official site ↗