CVE-2026-6472

ADVISORY - nist

Summary

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-862⁠

Missing Authorization

Impacted images

Advisories

NIST

CREATED

12 hours ago

UPDATED

10 hours ago

ADVISORY IDCVE-2026-6472⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.4medium

Alpine

CREATED

6 hours ago

UPDATED

6 hours ago

ADVISORY IDCVE-2026-6472⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

10 hours ago

UPDATED

7 hours ago

ADVISORY IDCVE-2026-6472⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY