Missing Authorization The advisory has been revoked - it doesn't affect any version of package libpq  (opens in a new tab)


Threat Intelligence

EPSS
0.16% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL8-LIBPQ-17363269
  • published17 Jun 2026
  • disclosed14 May 2026

Introduced: 14 May 2026

CVE-2026-6472  (opens in a new tab)
CWE-862  (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:8.

NVD Description

Note: Versions mentioned in the description apply only to the upstream libpq package and not the libpq package as distributed by RHEL.

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.