CVE-2026-6476 HIGH

CVE-2026-6476: PostgreSQL pg_createsubscriber allows SQL injection via subscription name

Vendor N/A
Product PostgreSQL
Weakness CWE-89 · SQLi
Published May 14, 2026
Last update May 15, 2026
View on NVD All CVEs

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected.

Key dates

02Disclosure timeline

May 14, 2026 CVE published
May 15, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-2089 SourceCodester Complaint Management System GET Parameter userprofile.php sql injection CVE-2023-47558 WordPress Who Hit The Page – Hit Counter Plugin <= 1.4.14.3 is vulnerable to SQL Injection CVE-2026-25495 Craft has a SQL Injection in Element Indexes via criteria[orderBy] CVE-2025-5712 SourceCodester Open Source Clinic Management System appointment.php sql injection CVE-2026-28210 FreePBX: Authenticated SQL Injection in CDR (Call Data Record) Reports