Cyber Resilience

CVE-2026-6477

High · Updated

Published: 14 May 2026

Modified: 30 June 2026
CVSS v3.1 Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0046 (36.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-6477 is a high-severity Use of Inherently Dangerous Function (CWE-242) vulnerability in PostgreSQL. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). By exploit likelihood it ranks at the 36.9th percentile (below the median), and it is not currently listed in the CISA KEV catalog.

Vulnerability details

Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size. Because both the \lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Buffer overflow in PostgreSQL client library functions (libpq) enables adversaries controlling a malicious server to achieve code execution on connecting clients (e.g., psql, pg_dump).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-6479 · Same product: Postgresql Postgresql
CVE-2026-2007 · Same product: Postgresql Postgresql
CVE-2026-2004 · Same product: Postgresql Postgresql
CVE-2026-2006 · Same product: Postgresql Postgresql
CVE-2026-6475 · Same product: Postgresql Postgresql
CVE-2026-6637 · Same product: Postgresql Postgresql
CVE-2026-6473 · Same product: Postgresql Postgresql
CVE-2026-2005 · Same product: Postgresql Postgresql
CVE-2026-6476 · Same product: Postgresql Postgresql
CVE-2026-42198 · Same vendor: Postgresql

Affected Assets

postgresql
postgresql
≤ 14.23 · 15.0 — 15.18 · 16.0 — 16.14

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.

References