CVE-2026-6474

ADVISORY - nist

Summary

Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-134⁠

Use of Externally-Controlled Format String

Impacted images

Advisories

NIST

CREATED

12 hours ago

UPDATED

10 hours ago

ADVISORY IDCVE-2026-6474⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-134⁠

CVSS SCORE

4.3medium

Alpine

CREATED

6 hours ago

UPDATED

6 hours ago

ADVISORY IDCVE-2026-6474⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

10 hours ago

UPDATED

7 hours ago

ADVISORY IDCVE-2026-6474⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY