CVE-2026-6637 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: May 14, 2026
PostgreSQL - Buffer Overflow & SQL Injection
Overview
PostgreSQL versions before 18.4, 17.10, 16.14, 15.18, and 14.23 contain two distinct issues in the refint module. The first is a stack buffer overflow that allows an unprivileged database user to execute arbitrary code as the operating system user running the database. The second is a SQL injection via user-controlled refint cascade primary key updates, which lets an attacker execute arbitrary SQL as the database user.
Impact
Unprivileged users can execute arbitrary OS commands or SQL code, potentially leading to full system or database compromise.
Mitigation
Upgrade to PostgreSQL 18.4, 17.10, 16.14, 15.18, 14.23 or later.
Social Media Activity (2 posts)
CVE-2026-6637 - High (8.8) Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled colu... https://www.thehackerwire.com/vulnerability/CVE-2026-6637/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-6637
- Severity: High
- CVSS Score: 8.8
- Type: buffer_overflow
- Status: unconfirmed
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H