UBUNTU-CVE-2026-6475

Source
https://ubuntu.com/security/CVE-2026-6475
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6475.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-6475
Upstream
  • CVE-2026-6475
Downstream
Related
Published
2026-05-14T14:16:00Z
Modified
2026-05-21T23:15:08.223888073Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Ubuntu - medium
Summary
[none]
Details

Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries. Hence, the attack has practical implications only if one takes relevant action between these commands and server start, like moving the files to a different VM or snapshotting the VM. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

References

Affected packages

Ubuntu:20.04:LTS
postgresql-12

Package

Name
postgresql-12
Purl
pkg:deb/ubuntu/postgresql-12?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

12.*
12.0-1
12.1-1
12.1-2build1
12.2-1
12.2-1ubuntu2
12.2-4
12.4-0ubuntu0.20.04.1
12.5-0ubuntu0.20.04.1
12.6-0ubuntu0.20.04.1
12.7-0ubuntu0.20.04.1
12.8-0ubuntu0.20.04.1
12.9-0ubuntu0.20.04.1
12.10-0ubuntu0.20.04.1
12.11-0ubuntu0.20.04.1
12.12-0ubuntu0.20.04.1
12.13-0ubuntu0.20.04.1
12.14-0ubuntu0.20.04.1
12.15-0ubuntu0.20.04.1
12.16-0ubuntu0.20.04.1
12.17-0ubuntu0.20.04.1
12.18-0ubuntu0.20.04.1
12.19-0ubuntu0.20.04.1
12.20-0ubuntu0.20.04.1
12.22-0ubuntu0.20.04.1
12.22-0ubuntu0.20.04.2
12.22-0ubuntu0.20.04.4

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "libecpg-compat3"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "libecpg6"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "libpgtypes3"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "libpq5"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "postgresql-12"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "postgresql-client-12"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "postgresql-doc-12"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "postgresql-plperl-12"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "postgresql-plpython3-12"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "postgresql-pltcl-12"
        },
        {
            "binary_version": "12.22-0ubuntu0.20.04.4",
            "binary_name": "postgresql-server-dev-12"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6475.json"
Ubuntu:22.04:LTS
postgresql-14

Package

Name
postgresql-14
Purl
pkg:deb/ubuntu/postgresql-14?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
14.23-0ubuntu0.22.04.1

Affected versions

14.*
14.1-1ubuntu1
14.2-1
14.2-1ubuntu1
14.3-0ubuntu0.22.04.1
14.4-0ubuntu0.22.04.1
14.5-0ubuntu0.22.04.1
14.6-0ubuntu0.22.04.1
14.7-0ubuntu0.22.04.1
14.8-0ubuntu0.22.04.1
14.9-0ubuntu0.22.04.1
14.10-0ubuntu0.22.04.1
14.11-0ubuntu0.22.04.1
14.12-0ubuntu0.22.04.1
14.13-0ubuntu0.22.04.1
14.15-0ubuntu0.22.04.1
14.17-0ubuntu0.22.04.1
14.18-0ubuntu0.22.04.1
14.19-0ubuntu0.22.04.1
14.20-0ubuntu0.22.04.1
14.22-0ubuntu0.22.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "14.23-0ubuntu0.22.04.1",
            "binary_name": "libecpg-compat3"
        },
        {
            "binary_version": "14.23-0ubuntu0.22.04.1",
            "binary_name": "libecpg6"
        },
        {
            "binary_version": "14.23-0ubuntu0.22.04.1",
            "binary_name": "libpgtypes3"
        },
        {
            "binary_version": "14.23-0ubuntu0.22.04.1",
            "binary_name": "libpq5"
        },
        {
            "binary_version": "14.23-0ubuntu0.22.04.1",
            "binary_name": "postgresql-14"
        },
        {
            "binary_version": "14.23-0ubuntu0.22.04.1",
            "binary_name": "postgresql-client-14"
        },
        {
            "binary_version": "14.23-0ubuntu0.22.04.1",
            "binary_name": "postgresql-doc-14"
        },
        {
            "binary_version": "14.23-0ubuntu0.22.04.1",
            "binary_name": "postgresql-plperl-14"
        },
        {
            "binary_version": "14.23-0ubuntu0.22.04.1",
            "binary_name": "postgresql-plpython3-14"
        },
        {
            "binary_version": "14.23-0ubuntu0.22.04.1",
            "binary_name": "postgresql-pltcl-14"
        },
        {
            "binary_version": "14.23-0ubuntu0.22.04.1",
            "binary_name": "postgresql-server-dev-14"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6475.json"
Ubuntu:24.04:LTS
postgresql-16

Package

Name
postgresql-16
Purl
pkg:deb/ubuntu/postgresql-16?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
16.14-0ubuntu0.24.04.1

Affected versions

16.*
16.0-2
16.1-1
16.1-1build1
16.1-1build3
16.2-1
16.2-1ubuntu2
16.2-1ubuntu3
16.2-1ubuntu4
16.3-0ubuntu0.24.04.1
16.4-0ubuntu0.24.04.1
16.4-0ubuntu0.24.04.2
16.6-0ubuntu0.24.04.1
16.8-0ubuntu0.24.04.1
16.9-0ubuntu0.24.04.1
16.10-0ubuntu0.24.04.1
16.11-0ubuntu0.24.04.1
16.13-0ubuntu0.24.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "16.14-0ubuntu0.24.04.1",
            "binary_name": "libecpg-compat3"
        },
        {
            "binary_version": "16.14-0ubuntu0.24.04.1",
            "binary_name": "libecpg6"
        },
        {
            "binary_version": "16.14-0ubuntu0.24.04.1",
            "binary_name": "libpgtypes3"
        },
        {
            "binary_version": "16.14-0ubuntu0.24.04.1",
            "binary_name": "libpq5"
        },
        {
            "binary_version": "16.14-0ubuntu0.24.04.1",
            "binary_name": "postgresql-16"
        },
        {
            "binary_version": "16.14-0ubuntu0.24.04.1",
            "binary_name": "postgresql-client-16"
        },
        {
            "binary_version": "16.14-0ubuntu0.24.04.1",
            "binary_name": "postgresql-doc-16"
        },
        {
            "binary_version": "16.14-0ubuntu0.24.04.1",
            "binary_name": "postgresql-plperl-16"
        },
        {
            "binary_version": "16.14-0ubuntu0.24.04.1",
            "binary_name": "postgresql-plpython3-16"
        },
        {
            "binary_version": "16.14-0ubuntu0.24.04.1",
            "binary_name": "postgresql-pltcl-16"
        },
        {
            "binary_version": "16.14-0ubuntu0.24.04.1",
            "binary_name": "postgresql-server-dev-16"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6475.json"
Ubuntu:25.10
postgresql-17

Package

Name
postgresql-17
Purl
pkg:deb/ubuntu/postgresql-17?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
17.10-0ubuntu0.25.10.1

Affected versions

17.*
17.4-1
17.4-2
17.5-1
17.5-1build1
17.6-1
17.6-1build1
17.7-0ubuntu0.25.10.1
17.9-0ubuntu0.25.10.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "17.10-0ubuntu0.25.10.1",
            "binary_name": "libecpg-compat3"
        },
        {
            "binary_version": "17.10-0ubuntu0.25.10.1",
            "binary_name": "libecpg6"
        },
        {
            "binary_version": "17.10-0ubuntu0.25.10.1",
            "binary_name": "libpgtypes3"
        },
        {
            "binary_version": "17.10-0ubuntu0.25.10.1",
            "binary_name": "libpq5"
        },
        {
            "binary_version": "17.10-0ubuntu0.25.10.1",
            "binary_name": "postgresql-17"
        },
        {
            "binary_version": "17.10-0ubuntu0.25.10.1",
            "binary_name": "postgresql-client-17"
        },
        {
            "binary_version": "17.10-0ubuntu0.25.10.1",
            "binary_name": "postgresql-doc-17"
        },
        {
            "binary_version": "17.10-0ubuntu0.25.10.1",
            "binary_name": "postgresql-plperl-17"
        },
        {
            "binary_version": "17.10-0ubuntu0.25.10.1",
            "binary_name": "postgresql-plpython3-17"
        },
        {
            "binary_version": "17.10-0ubuntu0.25.10.1",
            "binary_name": "postgresql-pltcl-17"
        },
        {
            "binary_version": "17.10-0ubuntu0.25.10.1",
            "binary_name": "postgresql-server-dev-17"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6475.json"
Ubuntu:26.04:LTS
postgresql-18

Package

Name
postgresql-18
Purl
pkg:deb/ubuntu/postgresql-18?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
18.4-0ubuntu0.26.04.1

Affected versions

18.*
18.0-1
18.1-1
18.1-1ubuntu1
18.1-1ubuntu2
18.1-2
18.3-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "18.4-0ubuntu0.26.04.1",
            "binary_name": "libecpg-compat3"
        },
        {
            "binary_version": "18.4-0ubuntu0.26.04.1",
            "binary_name": "libecpg6"
        },
        {
            "binary_version": "18.4-0ubuntu0.26.04.1",
            "binary_name": "libpgtypes3"
        },
        {
            "binary_version": "18.4-0ubuntu0.26.04.1",
            "binary_name": "libpq-oauth"
        },
        {
            "binary_version": "18.4-0ubuntu0.26.04.1",
            "binary_name": "libpq5"
        },
        {
            "binary_version": "18.4-0ubuntu0.26.04.1",
            "binary_name": "postgresql-18"
        },
        {
            "binary_version": "18.4-0ubuntu0.26.04.1",
            "binary_name": "postgresql-18-jit"
        },
        {
            "binary_version": "18.4-0ubuntu0.26.04.1",
            "binary_name": "postgresql-client-18"
        },
        {
            "binary_version": "18.4-0ubuntu0.26.04.1",
            "binary_name": "postgresql-doc-18"
        },
        {
            "binary_version": "18.4-0ubuntu0.26.04.1",
            "binary_name": "postgresql-plperl-18"
        },
        {
            "binary_version": "18.4-0ubuntu0.26.04.1",
            "binary_name": "postgresql-plpython3-18"
        },
        {
            "binary_version": "18.4-0ubuntu0.26.04.1",
            "binary_name": "postgresql-pltcl-18"
        },
        {
            "binary_version": "18.4-0ubuntu0.26.04.1",
            "binary_name": "postgresql-server-dev-18"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6475.json"
Ubuntu:Pro:14.04:LTS
postgresql-9.3

Package

Name
postgresql-9.3
Purl
pkg:deb/ubuntu/postgresql-9.3?arch=source&distro=esm-infra-legacy%2Ftrusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

9.*
9.3.1-1
9.3.2-1
9.3.2-1ubuntu1
9.3.2-1ubuntu2
9.3.3-1
9.3.3-1bzr1
9.3.3-1bzr2
9.3.4-1
9.3.5-0ubuntu0.14.04.1
9.3.6-0ubuntu0.14.04
9.3.7-0ubuntu0.14.04
9.3.8-0ubuntu0.4.04
9.3.9-0ubuntu0.14.04
9.3.10-0ubuntu0.14.04
9.3.11-0ubuntu0.14.04
9.3.12-0ubuntu0.14.04
9.3.13-0ubuntu0.14.04
9.3.14-0ubuntu0.14.04
9.3.15-0ubuntu0.14.04
9.3.16-0ubuntu0.14.04
9.3.17-0ubuntu0.14.04
9.3.18-0ubuntu0.14.04.1
9.3.19-0ubuntu0.14.04
9.3.20-0ubuntu0.14.04
9.3.21-0ubuntu0.14.04
9.3.22-0ubuntu0.14.04
9.3.23-0ubuntu0.14.04
9.3.24-0ubuntu0.14.04
9.3.24-0ubuntu0.14.04+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "libecpg-compat3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "libecpg6"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "libpgtypes3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "libpq5"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "postgresql-9.3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "postgresql-client-9.3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "postgresql-contrib-9.3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "postgresql-doc-9.3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "postgresql-plperl-9.3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "postgresql-plpython-9.3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "postgresql-plpython3-9.3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "postgresql-pltcl-9.3"
        },
        {
            "binary_version": "9.3.24-0ubuntu0.14.04+esm1",
            "binary_name": "postgresql-server-dev-9.3"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6475.json"
Ubuntu:Pro:16.04:LTS
postgresql-9.5

Package

Name
postgresql-9.5
Purl
pkg:deb/ubuntu/postgresql-9.5?arch=source&distro=esm-infra%2Fxenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

9.*
9.5.0-1
9.5.0-2
9.5.0-3
9.5.1-1
9.5.2-1
9.5.3-0ubuntu0.16.04
9.5.4-0ubuntu0.16.04
9.5.5-0ubuntu0.16.04
9.5.6-0ubuntu0.16.04
9.5.7-0ubuntu0.16.04
9.5.8-0ubuntu0.16.04.1
9.5.9-0ubuntu0.16.04
9.5.10-0ubuntu0.16.04
9.5.11-0ubuntu0.16.04
9.5.12-0ubuntu0.16.04
9.5.13-0ubuntu0.16.04
9.5.14-0ubuntu0.16.04
9.5.16-0ubuntu0.16.04.1
9.5.17-0ubuntu0.16.04.1
9.5.18-0ubuntu0.16.04.1
9.5.19-0ubuntu0.16.04.1
9.5.21-0ubuntu0.16.04.1
9.5.23-0ubuntu0.16.04.1
9.5.24-0ubuntu0.16.04.1
9.5.25-0ubuntu0.16.04.1
9.5.25-0ubuntu0.16.04.1+esm1
9.5.25-0ubuntu0.16.04.1+esm2
9.5.25-0ubuntu0.16.04.1+esm3
9.5.25-0ubuntu0.16.04.1+esm4
9.5.25-0ubuntu0.16.04.1+esm5
9.5.25-0ubuntu0.16.04.1+esm6
9.5.25-0ubuntu0.16.04.1+esm7
9.5.25-0ubuntu0.16.04.1+esm8
9.5.25-0ubuntu0.16.04.1+esm10

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "libecpg-compat3"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "libecpg6"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "libpgtypes3"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "libpq5"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "postgresql-9.5"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "postgresql-client-9.5"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "postgresql-contrib-9.5"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "postgresql-doc-9.5"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "postgresql-plperl-9.5"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "postgresql-plpython-9.5"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "postgresql-plpython3-9.5"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "postgresql-pltcl-9.5"
        },
        {
            "binary_version": "9.5.25-0ubuntu0.16.04.1+esm10",
            "binary_name": "postgresql-server-dev-9.5"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6475.json"
Ubuntu:Pro:18.04:LTS
postgresql-10

Package

Name
postgresql-10
Purl
pkg:deb/ubuntu/postgresql-10?arch=source&distro=esm-infra%2Fbionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

10.*
10.1-1
10.1-2
10.2-1
10.3-1
10.4-0ubuntu0.18.04
10.5-0ubuntu0.18.04
10.6-0ubuntu0.18.04.1
10.7-0ubuntu0.18.04.1
10.8-0ubuntu0.18.04.1
10.9-0ubuntu0.18.04.1
10.10-0ubuntu0.18.04.1
10.12-0ubuntu0.18.04.1
10.14-0ubuntu0.18.04.1
10.15-0ubuntu0.18.04.1
10.16-0ubuntu0.18.04.1
10.17-0ubuntu0.18.04.1
10.18-0ubuntu0.18.04.1
10.19-0ubuntu0.18.04.1
10.20-0ubuntu0.18.04.1
10.21-0ubuntu0.18.04.1
10.22-0ubuntu0.18.04.1
10.23-0ubuntu0.18.04.1
10.23-0ubuntu0.18.04.2
10.23-0ubuntu0.18.04.2+esm1
10.23-0ubuntu0.18.04.2+esm2
10.23-0ubuntu0.18.04.2+esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "libecpg-compat3"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "libecpg6"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "libpgtypes3"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "libpq5"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "postgresql-10"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "postgresql-client-10"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "postgresql-doc-10"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "postgresql-plperl-10"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "postgresql-plpython-10"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "postgresql-plpython3-10"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "postgresql-pltcl-10"
        },
        {
            "binary_version": "10.23-0ubuntu0.18.04.2+esm3",
            "binary_name": "postgresql-server-dev-10"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-6475.json"