PostgreSQL 17.x/18.x SQLi in pg_createsubscriber (17.9/18.3)
CVE-2026-6476 Published on May 14, 2026
PostgreSQL pg_createsubscriber allows SQL injection via subscription name
SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected.
Weakness Type
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2026-6476 has been classified to as a SQL Injection vulnerability or weakness.
Products Associated with CVE-2026-6476
stack.watch emails you whenever new vulnerabilities are published in PostgreSQL or Canonical Ubuntu Linux. Just hit a watch button to start following.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.