Bug 2477436 (CVE-2026-6472)
| Summary: | CVE-2026-6472 postgresql: PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | dschmidt, erezende, jlanda, kshier, rhel-process-autobot, simaishi, smcdonal, stcannon, teagle, watson-tool-maintainers, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | A flaw was found in PostgreSQL CREATE TYPE handling for multirange types. The database failed to properly verify schema CREATE privileges during multirange type creation. An authenticated database user could exploit this issue to hijack queries that rely on search_path resolution for user-defined or extension-defined types, potentially causing execution of arbitrary SQL functions within the affected database context. | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2489303, 2489304, 2489305, 2489306 | ||
| Bug Blocks: | |||

Description
OSIDB Bzimport 2026-05-14 14:01:33 UTC