These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-6637 is a high-severity PostgreSQL vulnerability in the refint module. The CVE description says a stack buffer overflow can let an unprivileged database user execute arbitrary code as the operating system user running PostgreSQL. It also notes a separate attack path involving applications that expose user-controlled primary-key updates through refint cascade behavior, where SQL injection could al [truncated]
CVE-2026-6477 is a high-severity PostgreSQL client-library issue in libpq where inherently dangerous PQfn(..., result_is_int=0, ...) usage can let a PostgreSQL server superuser write an arbitrarily large server-controlled response into a client stack buffer. The affected paths include lo_export(), lo_read(), lo_lseek64(), and lo_tell64(), and the impact extends to psql and pg_dump because they call lo_rea [truncated]
CVE-2026-6475 is a PostgreSQL file-overwrite issue in pg_basebackup plain format and pg_rewind caused by symlink following. The vendor notes that an origin superuser can overwrite local files such as a user’s .bashrc, which can affect the operating system account. PostgreSQL also notes an important practical limitation: if the server is started normally after these commands, it implicitly trusts the origi [truncated]
CVE-2026-6474 is a PostgreSQL format-string vulnerability in timeofday() that can disclose portions of server memory when crafted timezone zone values are processed. The issue is publicly documented as medium severity and affects PostgreSQL versions before 18.4, 17.10, 16.14, 15.18, and 14.23.
CVE-2026-6473 is a high-severity PostgreSQL server vulnerability caused by integer wraparound in multiple server features. An unprivileged database user may be able to trigger an undersized allocation followed by an out-of-bounds write. Depending on the affected path and deployment, this can lead to arbitrary code execution as the operating system user running PostgreSQL. The NVD record also notes that in [truncated]