USN-8294-1

Source
https://ubuntu.com/security/notices/USN-8294-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8294-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-8294-1
Upstream
Related
Published
2026-05-21T20:39:48Z
Modified
2026-06-30T18:16:23.729027251Z
Summary
postgresql-14, postgresql-16, postgresql-17, postgresql-18 vulnerabilities
Details

It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. (CVE-2026-6472)

It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-6473)

It was discovered that PostgreSQL incorrectly handled format strings in the timeofday() function. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6474)

It was discovered that PostgreSQL incorrectly followed symbolic links in pgbasebackup and pgrewind. An attacker could possibly use this issue to overwrite local files and execute arbitrary code. (CVE-2026-6475)

It was discovered that PostgreSQL had an SQL injection vulnerability in pg_createsubscriber. An attacker could possibly use this issue to execute arbitrary SQL as a superuser. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-6476)

It was discovered that PostgreSQL used an unsafe libpq function in large object operations. An attacker could possibly use this issue to overwrite client memory and execute arbitrary code. (CVE-2026-6477)

It was discovered that PostgreSQL did not compare MD5-hashed passwords in constant time. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6478)

It was discovered that PostgreSQL had uncontrolled recursion during SSL and GSS negotiation. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-6479)

It was discovered that PostgreSQL incorrectly handled array length mismatches in pgrestoreattribute_stats(). An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-6575)

It was discovered that PostgreSQL had a stack buffer overflow in the refint module. An attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-6637)

It was discovered that PostgreSQL had an SQL injection vulnerability in logical replication REFRESH PUBLICATION. An attacker could possibly use this issue to execute arbitrary SQL. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-6638)

References

Affected packages

Ubuntu:22.04:LTS / postgresql-14

Package

Name
postgresql-14
Purl
pkg:deb/ubuntu/postgresql-14?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
14.23-0ubuntu0.22.04.1

Affected versions

14.*
14.1-1ubuntu1
14.2-1
14.2-1ubuntu1
14.3-0ubuntu0.22.04.1
14.4-0ubuntu0.22.04.1
14.5-0ubuntu0.22.04.1
14.6-0ubuntu0.22.04.1
14.7-0ubuntu0.22.04.1
14.8-0ubuntu0.22.04.1
14.9-0ubuntu0.22.04.1
14.10-0ubuntu0.22.04.1
14.11-0ubuntu0.22.04.1
14.12-0ubuntu0.22.04.1
14.13-0ubuntu0.22.04.1
14.15-0ubuntu0.22.04.1
14.17-0ubuntu0.22.04.1
14.18-0ubuntu0.22.04.1
14.19-0ubuntu0.22.04.1
14.20-0ubuntu0.22.04.1
14.22-0ubuntu0.22.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libecpg-compat3",
            "binary_version": "14.23-0ubuntu0.22.04.1"
        },
        {
            "binary_name": "libecpg6",
            "binary_version": "14.23-0ubuntu0.22.04.1"
        },
        {
            "binary_name": "libpgtypes3",
            "binary_version": "14.23-0ubuntu0.22.04.1"
        },
        {
            "binary_name": "libpq5",
            "binary_version": "14.23-0ubuntu0.22.04.1"
        },
        {
            "binary_name": "postgresql-14",
            "binary_version": "14.23-0ubuntu0.22.04.1"
        },
        {
            "binary_name": "postgresql-client-14",
            "binary_version": "14.23-0ubuntu0.22.04.1"
        },
        {
            "binary_name": "postgresql-doc-14",
            "binary_version": "14.23-0ubuntu0.22.04.1"
        },
        {
            "binary_name": "postgresql-plperl-14",
            "binary_version": "14.23-0ubuntu0.22.04.1"
        },
        {
            "binary_name": "postgresql-plpython3-14",
            "binary_version": "14.23-0ubuntu0.22.04.1"
        },
        {
            "binary_name": "postgresql-pltcl-14",
            "binary_version": "14.23-0ubuntu0.22.04.1"
        },
        {
            "binary_name": "postgresql-server-dev-14",
            "binary_version": "14.23-0ubuntu0.22.04.1"
        }
    ]
}

Database specific

cves_map
{
    "cves": [
        {
            "id": "CVE-2026-6472",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6473",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6474",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6475",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6476",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6477",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6478",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6479",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6575",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6637",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6638",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ],
    "ecosystem": "Ubuntu:22.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8294-1.json"

Ubuntu:24.04:LTS / postgresql-16

Package

Name
postgresql-16
Purl
pkg:deb/ubuntu/postgresql-16?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.14-0ubuntu0.24.04.1

Affected versions

16.*
16.0-2
16.1-1
16.1-1build1
16.1-1build3
16.2-1
16.2-1ubuntu2
16.2-1ubuntu3
16.2-1ubuntu4
16.3-0ubuntu0.24.04.1
16.4-0ubuntu0.24.04.1
16.4-0ubuntu0.24.04.2
16.6-0ubuntu0.24.04.1
16.8-0ubuntu0.24.04.1
16.9-0ubuntu0.24.04.1
16.10-0ubuntu0.24.04.1
16.11-0ubuntu0.24.04.1
16.13-0ubuntu0.24.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libecpg-compat3",
            "binary_version": "16.14-0ubuntu0.24.04.1"
        },
        {
            "binary_name": "libecpg6",
            "binary_version": "16.14-0ubuntu0.24.04.1"
        },
        {
            "binary_name": "libpgtypes3",
            "binary_version": "16.14-0ubuntu0.24.04.1"
        },
        {
            "binary_name": "libpq5",
            "binary_version": "16.14-0ubuntu0.24.04.1"
        },
        {
            "binary_name": "postgresql-16",
            "binary_version": "16.14-0ubuntu0.24.04.1"
        },
        {
            "binary_name": "postgresql-client-16",
            "binary_version": "16.14-0ubuntu0.24.04.1"
        },
        {
            "binary_name": "postgresql-doc-16",
            "binary_version": "16.14-0ubuntu0.24.04.1"
        },
        {
            "binary_name": "postgresql-plperl-16",
            "binary_version": "16.14-0ubuntu0.24.04.1"
        },
        {
            "binary_name": "postgresql-plpython3-16",
            "binary_version": "16.14-0ubuntu0.24.04.1"
        },
        {
            "binary_name": "postgresql-pltcl-16",
            "binary_version": "16.14-0ubuntu0.24.04.1"
        },
        {
            "binary_name": "postgresql-server-dev-16",
            "binary_version": "16.14-0ubuntu0.24.04.1"
        }
    ]
}

Database specific

cves_map
{
    "cves": [
        {
            "id": "CVE-2026-6472",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6473",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6474",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6475",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6476",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6477",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6478",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6479",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6575",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6637",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6638",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ],
    "ecosystem": "Ubuntu:24.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8294-1.json"

Ubuntu:25.10 / postgresql-17

Package

Name
postgresql-17
Purl
pkg:deb/ubuntu/postgresql-17?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.10-0ubuntu0.25.10.1

Affected versions

17.*
17.4-1
17.4-2
17.5-1
17.5-1build1
17.6-1
17.6-1build1
17.7-0ubuntu0.25.10.1
17.9-0ubuntu0.25.10.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libecpg-compat3",
            "binary_version": "17.10-0ubuntu0.25.10.1"
        },
        {
            "binary_name": "libecpg6",
            "binary_version": "17.10-0ubuntu0.25.10.1"
        },
        {
            "binary_name": "libpgtypes3",
            "binary_version": "17.10-0ubuntu0.25.10.1"
        },
        {
            "binary_name": "libpq5",
            "binary_version": "17.10-0ubuntu0.25.10.1"
        },
        {
            "binary_name": "postgresql-17",
            "binary_version": "17.10-0ubuntu0.25.10.1"
        },
        {
            "binary_name": "postgresql-client-17",
            "binary_version": "17.10-0ubuntu0.25.10.1"
        },
        {
            "binary_name": "postgresql-doc-17",
            "binary_version": "17.10-0ubuntu0.25.10.1"
        },
        {
            "binary_name": "postgresql-plperl-17",
            "binary_version": "17.10-0ubuntu0.25.10.1"
        },
        {
            "binary_name": "postgresql-plpython3-17",
            "binary_version": "17.10-0ubuntu0.25.10.1"
        },
        {
            "binary_name": "postgresql-pltcl-17",
            "binary_version": "17.10-0ubuntu0.25.10.1"
        },
        {
            "binary_name": "postgresql-server-dev-17",
            "binary_version": "17.10-0ubuntu0.25.10.1"
        }
    ]
}

Database specific

cves_map
{
    "cves": [
        {
            "id": "CVE-2026-6472",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6473",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6474",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6475",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6476",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6477",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6478",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6479",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6575",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6637",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6638",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ],
    "ecosystem": "Ubuntu:25.10"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8294-1.json"

Ubuntu:26.04:LTS / postgresql-18

Package

Name
postgresql-18
Purl
pkg:deb/ubuntu/postgresql-18?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
18.4-0ubuntu0.26.04.1

Affected versions

18.*
18.0-1
18.1-1
18.1-1ubuntu1
18.1-1ubuntu2
18.1-2
18.3-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libecpg-compat3",
            "binary_version": "18.4-0ubuntu0.26.04.1"
        },
        {
            "binary_name": "libecpg6",
            "binary_version": "18.4-0ubuntu0.26.04.1"
        },
        {
            "binary_name": "libpgtypes3",
            "binary_version": "18.4-0ubuntu0.26.04.1"
        },
        {
            "binary_name": "libpq-oauth",
            "binary_version": "18.4-0ubuntu0.26.04.1"
        },
        {
            "binary_name": "libpq5",
            "binary_version": "18.4-0ubuntu0.26.04.1"
        },
        {
            "binary_name": "postgresql-18",
            "binary_version": "18.4-0ubuntu0.26.04.1"
        },
        {
            "binary_name": "postgresql-18-jit",
            "binary_version": "18.4-0ubuntu0.26.04.1"
        },
        {
            "binary_name": "postgresql-client-18",
            "binary_version": "18.4-0ubuntu0.26.04.1"
        },
        {
            "binary_name": "postgresql-doc-18",
            "binary_version": "18.4-0ubuntu0.26.04.1"
        },
        {
            "binary_name": "postgresql-plperl-18",
            "binary_version": "18.4-0ubuntu0.26.04.1"
        },
        {
            "binary_name": "postgresql-plpython3-18",
            "binary_version": "18.4-0ubuntu0.26.04.1"
        },
        {
            "binary_name": "postgresql-pltcl-18",
            "binary_version": "18.4-0ubuntu0.26.04.1"
        },
        {
            "binary_name": "postgresql-server-dev-18",
            "binary_version": "18.4-0ubuntu0.26.04.1"
        }
    ]
}

Database specific

cves_map
{
    "cves": [
        {
            "id": "CVE-2026-6472",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6473",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6474",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6475",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6476",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6477",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6478",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6479",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6575",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6637",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        },
        {
            "id": "CVE-2026-6638",
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
                    "type": "CVSS_V3"
                },
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ]
        }
    ],
    "ecosystem": "Ubuntu:26.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8294-1.json"