Bug 2477446 (CVE-2026-6638) - CVE-2026-6638 postgresql: PostgreSQL: Arbitrary SQL execution via SQL injection in logical replication
Summary: CVE-2026-6638 postgresql: PostgreSQL: Arbitrary SQL execution via SQL injecti...
Keywords:
Status: NEW
Alias: CVE-2026-6638
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2499962 2499963 2499964 2499965
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-14 14:02 UTC by OSIDB Bzimport
Modified: 2026-07-14 13:04 UTC (History)
9 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-05-14 14:02:05 UTC
SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials.  The attack takes effect at the next REFRESH PUBLICATION.  Within major versions 16, 17, and 18, minor versions before PostgreSQL 18.4, 17.10, and 16.14 are affected.  Versions before PostgreSQL 16 are unaffected.


Note You need to log in before you can comment on or make changes to this bug.