Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
PostgreSQL Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2026-6476 - Vulnerability Database
PostgreSQL

PostgreSQL Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2026-6476

High
Reference: CVE-2026-6476
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-6476
Title: PostgreSQL Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18 minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected.