CVE-2026-6478
CVE-2026-6478 enables a covert timing channel during MD5 password comparison in PostgreSQL authentication, allowing credential recovery sufficient to authenticate. The issue does not affect scram-sha-256 passwords. It can affect databases with MD5-hashed passwords originating from upgrades from P...