CVE-2026-6477 - Vulnerability Analysis
Severity: High | CVSS: 8.8 | Last Updated: May 14, 2026
PostgreSQL - Buffer Overflow
Overview
PostgreSQL before 18.4, 17.10, 16.14, 15.18, and 14.23 contains a buffer overflow caused by unsafe use of PQfn in the lo_export, lo_read, lo_lseek64, and lo_tell64 functions, letting a server superuser overwrite client stack memory. Exploitation requires server superuser privileges.
Severity & Score
Impact
Server superusers can overwrite client stack memory, potentially leading to arbitrary code execution or client application crashes.
Mitigation
Upgrade to PostgreSQL 18.4, 17.10, 16.14, 15.18, or 14.23, or a later release of the same major version.
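The mitigation is a version check, and the fixed release differs per major branch, so a naive "is it newer than X" comparison gets it wrong (17.9 is vulnerable while 16.14 is fixed). The script below is an added example, not code from the advisory or from the PostgreSQL project: it parses the version banners that `psql --version`, `pg_config --version` and `SELECT version()` emit, and classifies each against the fixed list quoted in the mitigation. It assumes that any release at or above the fixed minor on a listed branch is patched and that any branch not listed (an end-of-life 13.x, a future 19.x) cannot be judged from this page and is reported as "unknown". The sample banners at the bottom are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the advisory page): classify a PostgreSQL/libpq
# version string against the fixed releases listed in the mitigation.
# Assumption: a listed branch at or above its fixed minor is "fixed", below it
# is "vulnerable"; branches not in the list are reported as "unknown".

# Fixed release per supported branch, copied from the advisory text.
FIXED_VERSIONS="18.4 17.10 16.14 15.18 14.23"

# pg_version_from_banner BANNER -> prints the MAJOR.MINOR token, e.g.
#   "psql (PostgreSQL) 17.9 (Debian 17.9-1.pgdg120+1)" -> 17.9
#   "PostgreSQL 16.14 on x86_64-pc-linux-gnu, compiled by gcc" -> 16.14
pg_version_from_banner() {
    printf '%s\n' "$1" \
        | sed -n 's/.*PostgreSQL[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' \
        | head -n 1
}

# pg_status MAJOR.MINOR -> prints "fixed", "vulnerable" or "unknown"
pg_status() {
    # Anything without a dotted major.minor cannot be classified.
    case $1 in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}     # stop at the first non-digit: "10rc1" -> 10
    case $major in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    case $minor in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    for fv in $FIXED_VERSIONS; do
        fmajor=${fv%%.*}
        fminor=${fv#*.}
        if [ "$fmajor" -eq "$major" ]; then
            # Same branch: compare minors numerically, not as strings
            # (17.10 is newer than 17.9 even though "10" sorts before "9").
            if [ "$minor" -ge "$fminor" ]; then echo fixed; else echo vulnerable; fi
            return 0
        fi
    done
    echo unknown
}

# pg_check_banner BANNER -> prints "<version> <status>" for one banner line
pg_check_banner() {
    v=$(pg_version_from_banner "$1")
    [ -n "$v" ] || v="?"
    printf '%s %s\n' "$v" "$(pg_status "$v")"
}

# Constructed sample banners in the formats emitted by psql, pg_config and
# SELECT version(); none of these were captured from a real system.
for banner in \
    "psql (PostgreSQL) 17.9 (Debian 17.9-1.pgdg120+1)" \
    "PostgreSQL 17.10" \
    "PostgreSQL 16.14 on x86_64-pc-linux-gnu, compiled by gcc" \
    "PostgreSQL 13.20"; do
    pg_check_banner "$banner"
done

# The overflow is in the client library, so the locally installed libpq/psql
# build is the one to check; do so only if a psql binary is present.
if command -v psql >/dev/null 2>&1; then
    pg_check_banner "$(psql --version)"
fi
```

Run it on each host that links libpq, not just on the database servers: the affected code runs in the client, so an unpatched application server or workstation stays exposed even when the database it talks to has been upgraded.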
Social Media Activity (2 posts)
CVE-2026-6477 - High (8.8) Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large respo... https://www.thehackerwire.com/vulnerability/CVE-2026-6477/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-6477
- Severity: High
- CVSS Score: 8.8
- Type: buffer_overflow
- Status: unconfirmed
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-242 (Use of Inherently Dangerous Function)
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H