CVE-2026-6637
8.8 HIGHStack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating syste...
Published: 2026-05-14 · Last updated: 2026-05-18
Severity and scoring
- CVSS
- 8.8 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-121, CWE-89
Affected products
| Vendor | Product |
|---|---|
| postgresql | postgresql |
Description
Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitates user-controlled updates to that column. In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-6638 — SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION .. (3.7 LOW)
- CVE-2026-6575 — Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query plannin... (4.3 MEDIUM)
- CVE-2026-6479 — Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve... (7.5 HIGH)
- CVE-2026-6478 — Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials su... (6.5 MEDIUM)
- CVE-2026-6477 — Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tel... (8.8 HIGH)
Same CWE
- CVE-2026-49760 — Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow
- CVE-2026-49759 — Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by...
- CVE-2026-53474 — A flaw was found in migration-planner (9.6 CRITICAL)
- CVE-2026-52758 — Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL qu... (8.8 HIGH)
- CVE-2026-49498 — Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to e... (8.8 HIGH)