VYPR
High severity8.8NVD Advisory· Published May 14, 2026· Updated May 18, 2026

CVE-2026-6637

CVE-2026-6637

Description

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitates user-controlled updates to that column. In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

19

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.