CVEFinder.io

CVE-2026-6479

⚠️ high
🔍 Scan for this CVE
Summary

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

CVSS Score
7.5
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-14
First Seen: 2026-05-17
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 68.9% of all 330,193 vulnerabilities in our database.

#102,656
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 14, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
The PostgreSQL project thanks Calif.io in collaboration with Claude and Anthropic Research for reporting this problem.
SSVC data provided by CISA
Last Modified 2026-05-18
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-674

📦 Affected Products 5

Vendor Product Status Affected Versions
postgresql postgresql Affected
< 14.23
postgresql postgresql Affected
> 15.0 < 15.18
postgresql postgresql Affected
> 16.0 < 16.14
postgresql postgresql Affected
> 17.0 < 17.10
postgresql postgresql Affected
> 18.0 < 18.4

🔗 References 1

https://www.postgresql.org/support/security/CVE-2026...
Patch Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-6472 🔶 medium 5.4 0.0 Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to... 2026-05-14
CVE-2026-6473 ⚠️ high 8.8 0.1 Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to un... 2026-05-14
CVE-2026-6474 🔶 medium 4.3 0.0 Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server... 2026-05-14
CVE-2026-6475 ⚠️ high 8.8 0.1 Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite loca... 2026-05-14
CVE-2026-6476 ⚠️ high 7.2 0.0 SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitra... 2026-05-14
CVE-2026-6477 ⚠️ high 8.8 0.1 Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lsee... 2026-05-14
These CVEs affect the same products