PostgreSQL timeofday() Format String Vulnerability (pre-18.4, 17.10, 16.14, 15.18, 14.23)
CVE-2026-6474 Published on May 14, 2026

PostgreSQL timeofday() can disclose portions of server memory
An externally-controlled format string in the PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory via crafted time zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

NVD

Weakness Type

Use of Externally-Controlled Format String

The software uses a function that accepts a format string as an argument, but the format string originates from an external source.
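
To check a server against the fixed releases listed in the description above, the following added example (not part of the advisory or of PostgreSQL) classifies the output of `SELECT version()`, `SHOW server_version` or `SHOW server_version_num`. Branches the advisory does not name are reported as `unlisted` rather than guessed, and the sample strings are constructed.

```python
import re

# First fixed minor release per major branch, taken from the advisory text.
FIXED_MINOR = {18: 4, 17: 10, 16: 14, 15: 18, 14: 23}

_VERSION_RE = re.compile(r"(?:PostgreSQL\s+)?(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor) from version(), server_version or server_version_num output."""
    text = text.strip()
    if text.isdigit() and len(text) >= 6:
        # server_version_num form for PostgreSQL 10+: major * 10000 + minor
        num = int(text)
        return num // 10000, num % 10000
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    # Pre-releases such as "18beta1" carry no minor; treat them as minor 0.
    return int(m.group(1)), int(m.group(2) or 0)


def classify(text):
    """Classify a server as 'affected', 'fixed' or 'unlisted' for CVE-2026-6474."""
    major, minor = parse_version(text)
    fixed = FIXED_MINOR.get(major)
    if fixed is None:
        # Branch not named in the advisory: make no claim either way.
        return "unlisted"
    return "affected" if minor < fixed else "fixed"


if __name__ == "__main__":
    # Constructed sample inputs, one per output format.
    samples = [
        "PostgreSQL 17.9 on x86_64-pc-linux-gnu, compiled by gcc, 64-bit",
        "16.14 (Debian 16.14-1.pgdg120+1)",
        "180004",
        "15.18",
        "18beta1",
        "13.22",
    ]
    for s in samples:
        print(f"{classify(s):9} {s}")
```

An `unlisted` result means the branch needs a manual check against the vendor's advisory, not that it is safe.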