diff --git a/.gitignore b/.gitignore
index f8858ec..7af911b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
-SOURCES/postgresql-15.14.tar.bz2
-SOURCES/postgresql-16.11.tar.bz2
+SOURCES/postgresql-15.17.tar.bz2
+SOURCES/postgresql-16.13.tar.bz2
 SOURCES/postgresql-setup-8.9.tar.gz
diff --git a/.postgresql.metadata b/.postgresql.metadata
index 6ddaf9c..cca86c1 100644
--- a/.postgresql.metadata
+++ b/.postgresql.metadata
@@ -1,3 +1,3 @@
-474c7ee4c36f34dac2080c7ec569f1b485df724e SOURCES/postgresql-15.14.tar.bz2
-7c93e10c6d400e76b0e2ab29334efde7d58cd0ba SOURCES/postgresql-16.11.tar.bz2
+09a3926425707ffcf1dd7a5bae8869f921659c13 SOURCES/postgresql-15.17.tar.bz2
+b66b3bf5bf717f37371dc3fd8de8831d1f26dd40 SOURCES/postgresql-16.13.tar.bz2
 25a05ef36218b1de80d8eeb55f4b4e0b723bd7f6 SOURCES/postgresql-setup-8.9.tar.gz
diff --git a/SOURCES/Makefile.regress b/SOURCES/Makefile.regress
old mode 100755
new mode 100644
diff --git a/SOURCES/postgresql-15.14.tar.bz2.sha256 b/SOURCES/postgresql-15.14.tar.bz2.sha256
deleted file mode 100644
index b041087..0000000
--- a/SOURCES/postgresql-15.14.tar.bz2.sha256
+++ /dev/null
@@ -1 +0,0 @@
-06dd75d305cd3870ee62b3932e661c624543eaf9ae2ba37cdec0a4f8edd051d2  postgresql-15.14.tar.bz2
diff --git a/SOURCES/postgresql-15.17.tar.bz2.sha256 b/SOURCES/postgresql-15.17.tar.bz2.sha256
new file mode 100644
index 0000000..9b51ec2
--- /dev/null
+++ b/SOURCES/postgresql-15.17.tar.bz2.sha256
@@ -0,0 +1 @@
+ae14f24c14727e0b2ded1c5553031666099bd1054db3ef44bfa6e2bd6d554a56  postgresql-15.17.tar.bz2
diff --git a/SOURCES/postgresql-16.11.tar.bz2.sha256 b/SOURCES/postgresql-16.11.tar.bz2.sha256
deleted file mode 100644
index 11193b8..0000000
--- a/SOURCES/postgresql-16.11.tar.bz2.sha256
+++ /dev/null
@@ -1 +0,0 @@
-6deb08c23d03d77d8f8bd1c14049eeef64aef8968fd8891df2dfc0b42f178eac  postgresql-16.11.tar.bz2
diff --git a/SOURCES/postgresql-16.13.tar.bz2.sha256 b/SOURCES/postgresql-16.13.tar.bz2.sha256
new file mode 100644
index 0000000..017f6bc
--- /dev/null
+++ b/SOURCES/postgresql-16.13.tar.bz2.sha256
@@ -0,0 +1 @@
+dc2ddbbd245c0265a689408e3d2f2f3f9ba2da96bd19318214b313cdd9797287  postgresql-16.13.tar.bz2
diff --git a/SOURCES/postgresql-bashprofile b/SOURCES/postgresql-bashprofile
old mode 100755
new mode 100644
diff --git a/SOURCES/postgresql-external-libpq.patch b/SOURCES/postgresql-external-libpq.patch
old mode 100755
new mode 100644
diff --git a/SOURCES/postgresql-logging.patch b/SOURCES/postgresql-logging.patch
old mode 100755
new mode 100644
diff --git a/SOURCES/postgresql-no-libecpg.patch b/SOURCES/postgresql-no-libecpg.patch
old mode 100755
new mode 100644
diff --git a/SOURCES/postgresql-server-pg_config.patch b/SOURCES/postgresql-server-pg_config.patch
old mode 100755
new mode 100644
diff --git a/SOURCES/postgresql-var-run-socket.patch b/SOURCES/postgresql-var-run-socket.patch
old mode 100755
new mode 100644
diff --git a/SOURCES/postgresql.pam b/SOURCES/postgresql.pam
old mode 100755
new mode 100644
diff --git a/SOURCES/postgresql.tmpfiles.d b/SOURCES/postgresql.tmpfiles.d
old mode 100755
new mode 100644
diff --git a/SOURCES/rpm-pgsql.patch b/SOURCES/rpm-pgsql.patch
old mode 100755
new mode 100644
diff --git a/SPECS/postgresql.spec b/SPECS/postgresql.spec
old mode 100755
new mode 100644
index f569a68..70abdac
--- a/SPECS/postgresql.spec
+++ b/SPECS/postgresql.spec
@@ -62,7 +62,7 @@
 Summary: PostgreSQL client programs
 Name: postgresql
 %global majorversion 16
-Version: %{majorversion}.11
+Version: %{majorversion}.13
 Release: 1%{?dist}
 
 # The PostgreSQL license is very similar to other MIT licenses, but the OSI
@@ -75,7 +75,7 @@ Url: http://www.postgresql.org/
 # that this be kept up with the latest minor release of the previous series;
 # but update when bugs affecting pg_dump output are fixed.
 %global prevmajorversion 15
-%global prevversion %{prevmajorversion}.14
+%global prevversion %{prevmajorversion}.17
 %global prev_prefix %{_libdir}/pgsql/postgresql-%{prevmajorversion}
 %global precise_version %{?epoch:%epoch:}%version-%release
 
@@ -1216,6 +1216,13 @@ make -C postgresql-setup-%{setup_version} check
 
 
 %changelog
+* Fri Feb 27 2026 Filip Janus <fjanus@redhat.com> - 16.13-1
+- Update to 16.13
+- Fix CVE-2026-2004: PostgreSQL intarray missing validation of type of input
+- Fix CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow
+- Fix CVE-2026-2006: PostgreSQL missing validation of multibyte character length
+- Resolves: RHEL-149371 RHEL-149404 RHEL-149338
+
 * Mon Dec 01 2025 Filip Janus <fjanus@redhat.com> - 16.11-1
 - Update to 16.11
 - Resolves: RHEL-128820 (CVE-2025-12818)