PT-2026-40920 · Postgresql Global Development Group (+2) · Postgresql (+2)

Guancheng Li (+3)

Published 2026-05-14 · Updated 2026-05-21 · CVE-2026-6475

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

PostgreSQL versions prior to 18.4
PostgreSQL versions prior to 17.10
PostgreSQL versions prior to 16.14
PostgreSQL versions prior to 15.18
PostgreSQL versions prior to 14.23

Description

Symlink following in pg_basebackup (plain output format) and in pg_rewind allows a superuser on the origin server to overwrite local files on the machine running these tools, such as /var/lib/postgres/.bashrc, which can lead to hijacking of the operating system account. The issue has practical consequences when something is done with the written files between running these commands and starting the server, for example moving the files to a different virtual machine or snapshotting the virtual machine.

Recommendations

Update to version 18.4 or later.
Update to version 17.10 or later.
Update to version 16.14 or later.
Update to version 15.18 or later.
Update to version 14.23 or later.
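The following is an added example written for this page; it is not PostgreSQL source and not the project's fix. It shows the symlink-following class of bug in a restore routine of the kind pg_basebackup's plain format and pg_rewind implement: a file is written to a path under the destination directory, an attacker who controls the stream has already planted a symlink at that path, and open(2) follows the link so the write lands outside the destination. The hardened variant uses openat(2) with O_NOFOLLOW and checks the opened inode with fstat(2). The temp directory under /tmp, the file names `victim`, `dest` and `postgresql.conf`, and the contents written are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Plain write through open(2): a symlink at the final component is followed. */
static int write_file(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Naive restore: join destdir/name and write. Vulnerable to a planted link. */
static int restore_naive(const char *destdir, const char *name, const char *data)
{
    char path[4096];
    snprintf(path, sizeof path, "%s/%s", destdir, name);
    return write_file(path, data);
}

/* Hardened restore: openat(2) relative to a directory fd with O_NOFOLLOW, so a
 * symlink at the final component fails with ELOOP, then fstat(2) to confirm a
 * regular file. Caveat: O_NOFOLLOW guards only the last path component, so this
 * demo rejects nested names; a real tool must walk each directory component
 * with O_DIRECTORY | O_NOFOLLOW before opening the leaf. */
static int restore_nofollow(const char *destdir, const char *name, const char *data)
{
    if (strchr(name, '/') != NULL) {
        errno = EINVAL;
        return -1;
    }
    int dfd = open(destdir, O_RDONLY | O_DIRECTORY);
    if (dfd < 0)
        return -1;
    int fd = openat(dfd, name, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);
    int saved = errno;
    close(dfd);
    errno = saved;
    if (fd < 0)
        return -1;                          /* ELOOP: name is a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Returns 1 if the file at path holds exactly `expect`. */
static int file_equals(const char *path, const char *expect)
{
    char buf[256] = {0};
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return 0;
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    return n >= 0 && strcmp(buf, expect) == 0;
}

/* Constructed scenario: `victim` stands in for a file like ~/.bashrc outside the
 * backup directory `dest`; dest/postgresql.conf is the planted symlink -> ../victim.
 * Returns a bitmask: 1 = naive restore overwrote victim, 2 = hardened restore
 * refused with ELOOP, 4 = victim untouched after the hardened attempt (7 = all). */
int demo_symlink_following(void)
{
    char dir[] = "/tmp/symlink-demo-XXXXXX";
    char victim[4096], dest[4096], planted[4096];
    int result = 0;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(dest, sizeof dest, "%s/dest", dir);
    snprintf(planted, sizeof planted, "%s/postgresql.conf", dest);

    if (write_file(victim, "ORIGINAL\n") != 0 || mkdir(dest, 0700) != 0 ||
        symlink("../victim", planted) != 0)
        goto cleanup;

    if (restore_naive(dest, "postgresql.conf", "PAYLOAD\n") == 0 &&
        file_equals(victim, "PAYLOAD\n"))
        result |= 1;                        /* write escaped dest via the link */

    if (write_file(victim, "ORIGINAL\n") != 0)
        goto cleanup;
    if (restore_nofollow(dest, "postgresql.conf", "PAYLOAD\n") == -1 && errno == ELOOP)
        result |= 2;
    if (file_equals(victim, "ORIGINAL\n"))
        result |= 4;

cleanup:
    unlink(planted);
    rmdir(dest);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    int r = demo_symlink_following();
    printf("naive overwrote victim: %s\nhardened refused (ELOOP): %s\nvictim intact: %s\n",
           (r & 1) ? "yes" : "no", (r & 2) ? "yes" : "no", (r & 4) ? "yes" : "no");
    return r == 7 ? 0 : 1;
}
```

The point of the fstat check after openat is that O_NOFOLLOW alone rejects a symlink leaf but says nothing about FIFOs, devices or other special files an attacker could also plant; checking S_ISREG on the descriptor actually held closes that gap without a second, racy path lookup.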

Fix

Weakness Enumeration: Link Following

Related Identifiers

BDU:2026-07100
BIT-POSTGRESQL-2026-6475
CVE-2026-6475
ECHO-848C-5472-D56D
OPENSUSE-SU-2026:10806-1
OPENSUSE-SU-2026:10807-1
OPENSUSE-SU-2026:10808-1
OPENSUSE-SU-2026:10809-1
OPENSUSE-SU-2026:10828-1
USN-8294-1

Affected Products

Linuxmint
Postgresql
Ubuntu