CVE-2026-6476

HIGH EPSS 20.4%

Published May 14, 20261mo ago · Modified Jun 17, 20261w ago

7.2 CVSS 3.1

High

Published May 14, 2026 1mo ago

Last Modified Jun 17, 2026 1w ago

Description

SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected.

CVSS Details

Base Score

7.2

Exploitability

1.2

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

20.4% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-89 SQL Injection Injection

Affected Products 2

Vendor	Product	Version	Range
postgresql	postgresql	*	≥17.0 – <17.10
postgresql	postgresql	*	≥18.0 – <18.4

References 1

postgresql.org https://www.postgresql.org/support/security/CVE-2026-6476/

PatchVendor Advisory

Remediation

postgresql.org https://www.postgresql.org/support/security/CVE-2026-6476/

PatchVendor Advisory