PostgreSQL 18.4+ Missing Auth in CREATE TYPE (search_path hijack)
CVE-2026-6472 Published on May 14, 2026
PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege
Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
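An audit query for the condition described above, added here as an example and not taken from the advisory or from the PostgreSQL project. It assumes two things are worth review: a multirange type whose owner does not currently hold CREATE on the schema containing it, and one that lives in a different schema from its range type. The heuristic and the column aliases are this example's own.

```sql
-- Run in each database; system catalogs are per-database.
-- pg_range.rngmultitypid links every range type to its multirange type
-- (PostgreSQL 14 and later).
SELECT
    mt.oid::regtype                 AS multirange_type,
    mn.nspname                      AS multirange_schema,
    rt.oid::regtype                 AS range_type,
    rn.nspname                      AS range_schema,
    pg_get_userbyid(mt.typowner)    AS type_owner,
    -- Always true for superusers, so superuser-owned types can only
    -- show up through the schema-mismatch condition below.
    has_schema_privilege(mt.typowner, mt.typnamespace, 'CREATE')
                                    AS owner_has_create
FROM pg_range r
JOIN pg_type      rt ON rt.oid = r.rngtypid
JOIN pg_type      mt ON mt.oid = r.rngmultitypid
JOIN pg_namespace rn ON rn.oid = rt.typnamespace
JOIN pg_namespace mn ON mn.oid = mt.typnamespace
WHERE mn.nspname <> 'pg_catalog'
  AND (
        -- Assumption: the owner could not normally have created an
        -- object in this schema.
        NOT has_schema_privilege(mt.typowner, mt.typnamespace, 'CREATE')
        -- Assumption: a multirange outside its range type's schema
        -- deserves a second look.
        OR mt.typnamespace <> rt.typnamespace
      )
ORDER BY owner_has_create, multirange_schema, multirange_type;
```

Rows are candidates for review, not confirmed abuse: privileges may have been revoked after a legitimate CREATE TYPE, and a schema-qualified multirange name can be intentional.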
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2026-6472 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2026-6472