CVE-2026-6638 · HIGH 8.8 · EPSS percentile 8.4%

Description

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18, minor versions before PostgreSQL 18.4, 17.10, and 16.14 are affected. Versions before PostgreSQL 16 are unaffected.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.19% probability of exploitation · percentile 8.4% · 2026-06-19T12:03:05Z
Published: 2026-05-14
Last modified: 2026-05-18

Underlying weaknesses · 1

CWE-89

References

  1. https://www.postgresql.org/support/security/CVE-2026-6638/

Type: Weakness
Target: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (cwe-89)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-6637
  2. CVE-2025-1094
  3. CVE-2026-2006
  4. CVE-2026-32539
  5. CVE-2025-8714
  6. CVE-2025-8715

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.