Sign In

CVE-2026-6476

ADVISORY - nist

Summary

SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2026-6476
EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-89

CVSS SCORE

7.2high

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2026-6476
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

UPDATED

ADVISORY IDCVE-2026-6476
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY