PostgreSQL Missing Authorization Vulnerability - CVE-2026-6472 - Vulnerability Database

PostgreSQL Missing Authorization Vulnerability - CVE-2026-6472

Medium

Reference: CVE-2026-6472

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-6472

Title: PostgreSQL Missing Authorization Vulnerability

Overview:

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types including extension-defined types. That is to say the victim will execute arbitrary SQL functions of the attacker39s choice. Versions before PostgreSQL 18.4 17.10 16.14 15.18 and 14.23 are affected.