PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Description

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

Basic Information

ID CVE-2026-6472

Source PostgreSQL

Published May 14, 2026 at 13:00

Modified May 14, 2026 at 13:43

Affected Product

Vendor n/a

Product PostgreSQL

Version 18

Affected Versions n/a PostgreSQL 18
n/a PostgreSQL 17
n/a PostgreSQL 16
n/a PostgreSQL 15
n/a PostgreSQL 0

CWE Classification

CWE-862

References

www.postgresql.org /support/security/CVE-2026-6472/

{
    "lastseen": "",
    "description": "Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types.  That is to say, the victim will execute arbitrary SQL functions of the attacker's choice.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
    "published": "2026-05-14T13:00:02.086Z",
    "modified": "2026-05-14T13:43:48.103Z",
    "type": "cve",
    "title": "PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege",
    "source": "PostgreSQL",
    "references": "https://www.postgresql.org/support/security/CVE-2026-6472/",
    "id": "CVE-2026-6472",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "n/a PostgreSQL 18\nn/a PostgreSQL 17\nn/a PostgreSQL 16\nn/a PostgreSQL 15\nn/a PostgreSQL 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PostgreSQL",
    "version": "18",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege_CVE-2026-6472