Acknowledged

LIN1024-21266 : Security Advisory - postgresql - CVE-2026-6476

Created: May 15, 2026    Updated: Jun 3, 2026
Resolved Date: Jun 1, 2026
Found In Version: 10.24.33.2
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Userspace

Description

SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser.  The attack takes effect when pg_createsubscriber next runs.  Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected.  Versions before PostgreSQL 17 are unaffected.