ALPINE-CVE-2026-6476

Source
https://security.alpinelinux.org/vuln/CVE-2026-6476
Import Source
https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6476.json
JSON Data
https://api.osv.dev/v1/vulns/ALPINE-CVE-2026-6476
Upstream
  • CVE-2026-6476
Published
2026-05-14T14:16:25.230Z
Modified
2026-05-19T21:30:05.876229368Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected.

References

Affected packages

Alpine:v3.21 / postgresql17

Package

Name
postgresql17
Purl
pkg:apk/alpine/postgresql17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
17.10-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6476.json"

Alpine:v3.22 / postgresql17

Package

Name
postgresql17
Purl
pkg:apk/alpine/postgresql17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
17.10-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6476.json"

Alpine:v3.23 / postgresql17

Package

Name
postgresql17
Purl
pkg:apk/alpine/postgresql17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
17.10-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6476.json"

Alpine:v3.23 / postgresql18

Package

Name
postgresql18
Purl
pkg:apk/alpine/postgresql18?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
18.4-r0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-6476.json"