Acknowledged
Created: May 15, 2026
Updated: Jun 3, 2026
Found In Version: 10.24.33.2
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Userspace
Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
