Bug 2477439 (CVE-2026-6475)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | CVE-2026-6475 postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind | | |
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | rhel-process-autobot, watson-tool-maintainers |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pg_basebackup (plain format) and pg_rewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical implications if specific actions are taken, such as moving files to a different virtual machine (VM) or snapshotting the VM, between the execution of these commands and the server's restart. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 2484509, 2484510, 2484511, 2484512 | | |
| Bug Blocks: | | | |
Description
OSIDB Bzimport
2026-05-14 14:01:42 UTC