CVE-2026-6474

ADVISORY - nist

Summary

Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-134⁠

Use of Externally-Controlled Format String

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.