These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A SQL injection vulnerability in PostgreSQL's logical replication feature allows a malicious subscriber table creator to execute arbitrary SQL with the publication-side credentials. The attack vector involves the ALTER SUBSCRIPTION ... REFRESH PUBLICATION command, which triggers the injection at the next REFRESH PUBLICATION execution. This vulnerability affects PostgreSQL versions 16.0 through 16.13, 17.0 [truncated]
CVE-2026-6637 is a high-severity PostgreSQL vulnerability in the refint module. The CVE description says a stack buffer overflow can let an unprivileged database user execute arbitrary code as the operating system user running PostgreSQL. It also notes a separate attack path involving applications that expose user-controlled primary-key updates through refint cascade behavior, where SQL injection could al [truncated]
A buffer over-read vulnerability exists in PostgreSQL's pg_restore_attribute_stats() function, affecting versions 18.0 through 18.3. The function accepts array values with mismatched lengths, causing query planning operations to read beyond the bounds of one array. This allows a table maintainer with appropriate privileges to infer memory contents past the array boundary. The vulnerability is confined to [truncated]
PostgreSQL versions prior to 18.4, 17.10, 16.14, 15.18, and 14.23 contain an uncontrolled recursion vulnerability in SSL and GSS negotiation code. An attacker with connectivity to a PostgreSQL AF_UNIX socket can trigger sustained denial of service. If both SSL and GSS are disabled, the attack surface extends to TCP sockets. The vulnerability was published on 2026-05-14 and last modified on 2026 [truncated]
A covert timing channel vulnerability exists in PostgreSQL's MD5 password authentication comparison. The flaw allows network-based attackers to recover user credentials through timing analysis of authentication responses. This affects databases with legacy MD5-hashed passwords, typically originating from upgrades from PostgreSQL 13 or earlier, while scram-sha-256 passwords (the current default) are not vu [truncated]
CVE-2026-6477 is a high-severity PostgreSQL client-library issue in libpq where inherently dangerous PQfn(..., result_is_int=0, ...) usage can let a PostgreSQL server superuser write an arbitrarily large server-controlled response into a client stack buffer. The affected paths include lo_export(), lo_read(), lo_lseek64(), and lo_tell64(), and the impact extends to psql and pg_dump because they call lo_rea [truncated]
A SQL injection vulnerability in PostgreSQL's pg_createsubscriber function allows authenticated attackers with pg_create_subscription rights to execute arbitrary SQL commands with superuser privileges. The vulnerability affects PostgreSQL versions 17.0 through 17.9 and 18.0 through 18.3; versions prior to 17.0 are unaffected. The attack vector requires network access and low attack complexity, but high pr [truncated]
CVE-2026-6475 is a PostgreSQL file-overwrite issue in pg_basebackup plain format and pg_rewind caused by symlink following. The vendor notes that an origin superuser can overwrite local files such as a user’s .bashrc, which can affect the operating system account. PostgreSQL also notes an important practical limitation: if the server is started normally after these commands, it implicitly trusts the origi [truncated]
CVE-2026-6474 is a PostgreSQL format-string vulnerability in timeofday() that can disclose portions of server memory when crafted timezone zone values are processed. The issue is publicly documented as medium severity and affects PostgreSQL versions before 18.4, 17.10, 16.14, 15.18, and 14.23.
CVE-2026-6473 is a high-severity PostgreSQL server vulnerability caused by integer wraparound in multiple server features. An unprivileged database user may be able to trigger an undersized allocation followed by an out-of-bounds write. Depending on the affected path and deployment, this can lead to arbitrary code execution as the operating system user running PostgreSQL. The NVD record also notes that in [truncated]
A missing authorization vulnerability in PostgreSQL's CREATE TYPE implementation allows an authenticated attacker with object creation privileges to hijack queries that rely on search_path resolution for user-defined types. When a victim query executes, it may inadvertently invoke attacker-controlled SQL functions instead of intended extension-defined or legitimate user-defined types. This represents a pr [truncated]
CVE-2026-2007 is a heap buffer overflow vulnerability in the PostgreSQL pg_trgm module. An attacker with database user privileges can exploit this vulnerability by providing a crafted input string, potentially leading to unknown impacts, including possible privilege escalation. The vulnerability affects PostgreSQL versions 18.0 and 18.1. The CVSS score for this vulnerability is 8.2, indicating a high seve [truncated]
CVE-2026-2006 is a high-severity vulnerability in PostgreSQL that allows a database user to execute arbitrary code as the operating system user running the database. The vulnerability is caused by a missing validation of multibyte character length in PostgreSQL text manipulation, which can lead to a buffer overrun. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected. This vulnerabi [truncated]
CVE-2026-2005 is a heap buffer overflow vulnerability in the pgcrypto module of PostgreSQL. This vulnerability allows a ciphertext provider to execute arbitrary code as the operating system user running the database. The affected versions include PostgreSQL 14.0 to 14.21, 15.0 to 15.16, 16.0 to 16.12, 17.0 to 17.8, and 18.0 to 18.2. To exploit this vulnerability, an attacker would need to have legitimate [truncated]