CVE-2026-6476

Public on 2026-05-14
Modified on 2026-05-15
Description
SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected.
Severity
Important severity
Important
See what this means
CVSS v3 Base Score
7.2
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Postgresql14 Extra libpq Not Affected
Amazon Linux 2023 libpq Not Affected
Amazon Linux 2 - Core postgresql Not Affected
Amazon Linux 2 - Postgresql14 Extra postgresql Not Affected
Amazon Linux 2023 postgresql15 Not Affected
Amazon Linux 2023 postgresql16 Not Affected
Amazon Linux 2023 postgresql17 Pending Fix
Amazon Linux 2023 postgresql18 Pending Fix

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

FAQs regarding Amazon Linux ALAS/CVE Severity Red Hat: CVE-2026-6476 Mitre: CVE-2026-6476