
Description

SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected.
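As an added defender-side helper (not code from the PostgreSQL project), the following checks a server's reported version against the affected ranges stated above: majors 17 and 18 with minors below 17.10 and 18.4 respectively are affected, majors before 17 are not. The version-string formats it parses are assumed to match the output of `SELECT version()` or `psql --version`; pre-release strings such as `18beta2` are treated as predating the fix.

```python
import re

# Affected ranges from the advisory: within majors 17 and 18, minors below
# these fixed minors are affected. Majors before 17 are unaffected. The
# advisory lists no other majors, so anything else is reported as unaffected
# (assumption made by this helper, not a statement from the advisory).
FIXED_MINOR = {17: 10, 18: 4}

# Matches "PostgreSQL 17.9 on x86_64 ...", "psql (PostgreSQL) 18.4", "18beta2".
_VERSION_RE = re.compile(r"(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor) from a version string.

    A bare major or a pre-release such as '18beta2' has no minor and is
    returned as (major, None).
    """
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no PostgreSQL version found in: {text!r}")
    major = int(match.group(1))
    minor = int(match.group(2)) if match.group(2) is not None else None
    return major, minor


def is_affected(text):
    """True if the version falls inside the affected range for CVE-2026-6476."""
    major, minor = parse_version(text)
    if major not in FIXED_MINOR:
        # Before 17: unaffected per the advisory; other majors: not listed.
        return False
    if minor is None:
        # A pre-release of an affected major predates the fixed minor release.
        return True
    return minor < FIXED_MINOR[major]


if __name__ == "__main__":
    # Constructed sample strings, not captured from any real server.
    for sample in ("PostgreSQL 17.9 on x86_64-pc-linux-gnu",
                   "psql (PostgreSQL) 18.4", "16.9", "18beta2"):
        print(f"{sample!r:45} affected={is_affected(sample)}")
```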

Status: PUBLISHED | Reserved 2026-04-17 | Published 2026-05-14 | Updated 2026-05-15 | Assigner: PostgreSQL

Severity HIGH: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

Problem types

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Credits

The PostgreSQL project thanks Yu Kunpeng for reporting this problem.

References

www.postgresql.org/support/security/CVE-2026-6476/

cve.org (CVE-2026-6476)

nvd.nist.gov (CVE-2026-6476)
