High severity7.5NVD Advisory· Published May 14, 2026· Updated May 18, 2026
CVE-2026-6479
CVE-2026-6479
Description
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
19cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*range: <14.23
- (no CPE)range: before 18.4, 17.10, 16.14, 15.18, 14.23
- osv-coords17 versionspkg:bitnami/postgresqlpkg:rpm/opensuse/postgresql14&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql15&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql16&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql17&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/postgresql17&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql18&distro=openSUSE%20Tumbleweedpkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/postgresql14&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/postgresql15&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/postgresql16&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/postgresql17&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/postgresql17&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/postgresql18&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 14.23.0+ 16 more
- (no CPE)range: < 14.23.0
- (no CPE)range: < 14.23-1.1
- (no CPE)range: < 15.18-1.1
- (no CPE)range: < 16.14-1.1
- (no CPE)range: < 17.10-160000.1.1
- (no CPE)range: < 17.10-1.1
- (no CPE)range: < 18.4-1.1
- (no CPE)range: < 14.23-160000.1.1
- (no CPE)range: < 14.23-160000.1.1
- (no CPE)range: < 15.18-160000.1.1
- (no CPE)range: < 15.18-160000.1.1
- (no CPE)range: < 16.14-160000.1.1
- (no CPE)range: < 16.14-160000.1.1
- (no CPE)range: < 17.10-160000.1.1
- (no CPE)range: < 17.10-160000.1.1
- (no CPE)range: < 18.4-160000.1.1
- (no CPE)range: < 18.4-160000.1.1
Patches
Vulnerability mechanics
References
1- www.postgresql.org/support/security/CVE-2026-6479/nvdPatchVendor Advisory
News mentions
0No linked articles in our index yet.