4 matches found
CVE-2026-6472
Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the CREATE TYPE process. An attacker can execute arbitrary SQL functions of their choice by hijacking queries that use searchpath to locate user-defined types, including those defined by extensions. Remediation...
CVE-2026-6472
Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...
CVE-2026-6472
The CVE-2026-6472 entry concerns PostgreSQL: missing authorization in the CREATE TYPE path enables an object creator to hijack queries that rely on search_path to locate user-defined and extension-defined types. Affected versions include PostgreSQL 14.23, 15.18, 16.14, 17.10, and 18.4 prior relea...