CVE-2026-6575 MEDIUM

CVE-2026-6575: PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array

Vendor N/A
Product PostgreSQL
Weakness CWE-126
Published May 14, 2026
Last update May 14, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

The PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past the end of one array (a buffer over-read). This allows a table maintainer to infer memory values past the end of that array. Within major version 18, minor versions before PostgreSQL 18.4 are affected. Versions before PostgreSQL 18 are unaffected.

Key dates

02 Disclosure timeline

May 14, 2026 CVE published
May 14, 2026 Record updated