Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
PostgreSQL Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2026-6637 - Vulnerability Database
PostgreSQL

PostgreSQL Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2026-6637

High
Reference: CVE-2026-6637
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-6637
Title: PostgreSQL Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

Stack buffer overflow in PostgreSQL module quotrefintquot allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a quotrefintquot cascade primary key and facilitates user-controlled updates to that column. In that case a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update. Versions before PostgreSQL 18.4 17.10 16.14 15.18 and 14.23 are affected.