ALPINE-CVE-2026-6472

See a problem?
Please try reporting it to the source first.
Source
https://security.alpinelinux.org/vuln/CVE-2026-6472
Import Source
https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6472.json
JSON Data
https://api.osv.dev/v1/vulns/ALPINE-CVE-2026-6472
Upstream
  • CVE-2026-6472
Published
2026-05-14T14:16:24.757Z
Modified
2026-06-15T18:18:11.292876671Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

References

Affected packages

Alpine:v3.20
postgresql15

Package

Name
postgresql15
Purl
pkg:apk/alpine/postgresql15?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.18-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6472.json"
postgresql16

Package

Name
postgresql16
Purl
pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.14-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6472.json"
Alpine:v3.21
postgresql16

Package

Name
postgresql16
Purl
pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.14-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6472.json"
postgresql17

Package

Name
postgresql17
Purl
pkg:apk/alpine/postgresql17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.10-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6472.json"
Alpine:v3.22
postgresql16

Package

Name
postgresql16
Purl
pkg:apk/alpine/postgresql16?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.14-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6472.json"
postgresql17

Package

Name
postgresql17
Purl
pkg:apk/alpine/postgresql17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.10-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6472.json"
Alpine:v3.23
postgresql17

Package

Name
postgresql17
Purl
pkg:apk/alpine/postgresql17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.10-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6472.json"
postgresql18

Package

Name
postgresql18
Purl
pkg:apk/alpine/postgresql18?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
18.4-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6472.json"
Alpine:v3.24
postgresql17

Package

Name
postgresql17
Purl
pkg:apk/alpine/postgresql17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.10-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6472.json"
postgresql18

Package

Name
postgresql18
Purl
pkg:apk/alpine/postgresql18?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
18.4-r0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6472.json"