PostgreSQL Recursion CVE-2026-6479: SSL/GSS DoS pre-18.4, 17.10, 16.14, 15.18, 14.23
CVE-2026-6479 Published on May 14, 2026

PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

NVD

Weakness Type

What is a Stack Exhaustion Vulnerability?

The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

CVE-2026-6479 has been classified as a Stack Exhaustion vulnerability or weakness.

