vulnerability

PostgreSQL: CVE-2026-6575: PostgreSQL pg_restore_attribute_stats accepts values that cause query planning to read past end of stats array

Severity: 4
CVSS: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published: May 14, 2026
Added: May 14, 2026
Modified: May 17, 2026

Description

The PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past the end of one array (a buffer over-read). This allows a table maintainer to infer memory values past the end of that array. Within major version 18, minor versions before PostgreSQL 18.4 are affected. Versions before PostgreSQL 18 are unaffected.

Solution

postgres-upgrade-18_4