CVE-2026-6475

High

Published: 14 May 2026
Modified: 18 May 2026
CVSS v3.1 score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS score: 0.0032 (24.2nd percentile)
Risk priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-6475 is a high-severity UNIX Symbolic Link (Symlink) Following (CWE-61) vulnerability in PostgreSQL (vendor/product identifier: Postgresql Postgresql). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell Configuration Modification (T1546.004). The CVE is ranked at the 24.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries. Hence, the attack has practical implications only if one takes relevant action between these commands and server start, like moving the files to a different VM or snapshotting the VM. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
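As an added example (not PostgreSQL project code), the following Python check can be run over a pg_basebackup plain-format output directory or a pg_rewind target before the tree is snapshotted or moved: it reports every symlink whose target resolves outside the tree. It assumes the normal data-directory layout, in which directory links under pg_tblspc are the expected tablespace links; the demo tree it builds is constructed sample data.

```python
import os
import tempfile
from pathlib import Path


def find_escaping_symlinks(root, expected_link_dirs=("pg_tblspc",)):
    """Return (relative_path, link_target, resolved_target) for each symlink
    under root whose target resolves outside root. Directory links directly
    under the directories named in expected_link_dirs are skipped: PostgreSQL
    keeps its tablespace links in pg_tblspc, and those legitimately point
    outside the data directory (assumption about the standard layout)."""
    root = Path(root).resolve()
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        rel_dir = str(Path(dirpath).relative_to(root))
        for name in dirnames + filenames:
            link = Path(dirpath) / name
            if not link.is_symlink():
                continue
            if rel_dir in expected_link_dirs and link.is_dir():
                continue  # expected tablespace link, not a finding
            target = os.readlink(link)
            # Relative targets resolve against the link's own directory.
            resolved = (link.parent / target).resolve()
            if resolved != root and root not in resolved.parents:
                findings.append((str(link.relative_to(root)), target, str(resolved)))
    return findings


def build_demo_tree():
    """Constructed sample: a fake plain-format backup with one expected
    tablespace link, one in-tree relative link and one escaping link whose
    target is the .bashrc path named in the advisory (the file need not exist)."""
    root = Path(tempfile.mkdtemp(prefix="pgbackup-demo-"))
    (root / "base").mkdir()
    (root / "base" / "1").write_text("relation data\n")
    (root / "pg_tblspc").mkdir()
    tablespace = Path(tempfile.mkdtemp(prefix="tblspc-demo-"))
    (root / "pg_tblspc" / "16384").symlink_to(tablespace)  # expected layout
    (root / "in_tree_link").symlink_to("base/1")            # stays inside
    (root / "planted_link").symlink_to("/var/lib/postgres/.bashrc")  # escapes
    return root


if __name__ == "__main__":
    for rel, target, resolved in find_escaping_symlinks(build_demo_tree()):
        print(f"ESCAPING: {rel} -> {target} (resolves to {resolved})")
```

Passing `expected_link_dirs=()` reports the tablespace links too, which is useful when the backup was taken without tablespaces and any out-of-tree link is unexpected.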

Related Threats

MITRE ATT&CK Enterprise Techniques

T1546.004 Unix Shell Configuration Modification (Privilege Escalation)
Adversaries may establish persistence through executing malicious commands triggered by a user’s shell.
Why these techniques?

Symlink following enables arbitrary local file overwrite (e.g. .bashrc) by an origin superuser, directly facilitating Unix shell configuration modification for OS account hijacking/persistence.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-2004 (same product: Postgresql Postgresql)
CVE-2026-2005 (same product: Postgresql Postgresql)
CVE-2026-2006 (same product: Postgresql Postgresql)
CVE-2026-2007 (same product: Postgresql Postgresql)
CVE-2026-6479 (same product: Postgresql Postgresql)
CVE-2026-6473 (same product: Postgresql Postgresql)
CVE-2026-6477 (same product: Postgresql Postgresql)
CVE-2026-6637 (same product: Postgresql Postgresql)
CVE-2026-6476 (same product: Postgresql Postgresql)
CVE-2026-42198 (same vendor: Postgresql)

Affected Assets

Vendor: postgresql
Product: postgresql
Versions: ≤ 14.23; 15.0 to 15.18; 16.0 to 16.14

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
