ГлавнаяУязвимости → CVE-2026-6476
7.2высокая

CVE-2026-6476

Описание

SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected.

Затрагиваемое ПО
Postgresql Postgresql
CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.postgresql.org/support/security/CVE-2026-6476/