CVE-2026-6476

HIGH7.2EPSS 0.03%

PostgreSQL pg_createsubscriber allows SQL injection via subscription name

發布日:2026/5/14修改日:2026/5/25

描述

SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected.

受影響套件(5)

Alpine/postgresql17from 0, < 17.10-r0
Alpine/postgresql18from 0, < 18.4-r0
Bitnami/postgresql>= 17.0.0, < 17.10.0, >= 18.0.0, < 18.4.0
Debian/postgresql-17from 0, < 17.10-0+deb13u1
Debian/postgresql-18from 0, < 18.4-1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2026-6476
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2026-6476
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2026-6476
WEBhttps://www.postgresql.org/support/security/CVE-2026-6476/