2477436 – (CVE-2026-6472) CVE-2026-6472 postgresql: PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege

Bug 2477436 (CVE-2026-6472) - CVE-2026-6472 postgresql: PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege

Summary: CVE-2026-6472 postgresql: PostgreSQL CREATE TYPE does not check multirange sc...

Keywords:
Status:	NEW
Alias:	CVE-2026-6472
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2489303 2489304 2489305 2489306
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-14 14:01 UTC by OSIDB Bzimport
Modified:	2026-06-16 16:22 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-14 14:01:33 UTC

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types.  That is to say, the victim will execute arbitrary SQL functions of the attacker's choice.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

Note You need to log in before you can comment on or make changes to this bug.