PostgreSQL 18.4+ Missing Auth in CREATE TYPE (search_path hijack)
CVE-2026-6472 Published on May 14, 2026
PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege
Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
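An added audit query, not part of the original advisory or of the PostgreSQL project's guidance: it lists multirange types whose owner does not currently hold CREATE on the schema that contains the multirange, which is the privilege the advisory says CREATE TYPE failed to check. It assumes PostgreSQL 14 or later (for `pg_range.rngmultitypid`) and is a heuristic, since a privilege revoked after the type was created produces the same rows.

```sql
-- Added example (heuristic, not from the advisory).
-- Run in each database as a role that can read the system catalogs.
-- A row means: a multirange type exists in a schema on which its owner
-- has no CREATE privilege today. Review each row by hand.
SELECT
    mt.typnamespace::regnamespace          AS multirange_schema,
    mt.typname                             AS multirange_type,
    rt.typnamespace::regnamespace          AS range_schema,
    rt.typname                             AS range_type,
    pg_get_userbyid(mt.typowner)           AS type_owner,
    -- The multirange living in a different schema than its range type
    -- is unusual and worth a closer look.
    (mt.typnamespace <> rt.typnamespace)   AS schemas_differ
FROM pg_range AS r
JOIN pg_type  AS rt ON rt.oid = r.rngtypid        -- the range type
JOIN pg_type  AS mt ON mt.oid = r.rngmultitypid   -- its multirange type
WHERE NOT has_schema_privilege(mt.typowner, mt.typnamespace, 'CREATE')
ORDER BY multirange_schema, multirange_type;
```

Built-in multiranges are owned by the bootstrap superuser, so they never appear in the result.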
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2026-6472 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2026-6472
PostgreSQL, Canonical Ubuntu Linux
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.