CVE-2026-6479: Uncontrolled Recursion in PostgreSQL
CVE-2026-6479 is a high-severity vulnerability in PostgreSQL affecting versions prior to 18. 4, 17. 10, 16. 14, 15. 18, and 14. 23. It involves uncontrolled recursion during SSL and GSS negotiation, which can be exploited by an attacker with access to a PostgreSQL AF_UNIX socket to cause a sustained denial of service. If SSL and GSS are disabled, the same denial of service can be triggered via a TCP socket connection. There is no confirmed patch or official remediation information available at this time.
AI Analysis
Technical Summary
This vulnerability arises from uncontrolled recursion in the SSL and GSS negotiation processes within PostgreSQL, allowing an attacker with socket access to induce a sustained denial of service condition. The issue affects multiple PostgreSQL versions before the specified patch levels. The attack vector requires the ability to connect to PostgreSQL AF_UNIX sockets, or if SSL and GSS are disabled, to TCP sockets. The CVSS 3.1 score is 7.5, reflecting high severity due to the potential for denial of service without requiring privileges or user interaction.
Potential Impact
An attacker able to connect to PostgreSQL AF_UNIX sockets can cause a sustained denial of service by exploiting uncontrolled recursion in SSL and GSS negotiation. If SSL and GSS are disabled, the attacker can achieve the same impact via TCP socket access. The vulnerability does not impact confidentiality or integrity but results in availability loss.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to PostgreSQL AF_UNIX and TCP sockets to trusted users only to reduce the risk of exploitation.
CVE-2026-6479: Uncontrolled Recursion in PostgreSQL
Description
CVE-2026-6479 is a high-severity vulnerability in PostgreSQL affecting versions prior to 18. 4, 17. 10, 16. 14, 15. 18, and 14. 23. It involves uncontrolled recursion during SSL and GSS negotiation, which can be exploited by an attacker with access to a PostgreSQL AF_UNIX socket to cause a sustained denial of service. If SSL and GSS are disabled, the same denial of service can be triggered via a TCP socket connection. There is no confirmed patch or official remediation information available at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from uncontrolled recursion in the SSL and GSS negotiation processes within PostgreSQL, allowing an attacker with socket access to induce a sustained denial of service condition. The issue affects multiple PostgreSQL versions before the specified patch levels. The attack vector requires the ability to connect to PostgreSQL AF_UNIX sockets, or if SSL and GSS are disabled, to TCP sockets. The CVSS 3.1 score is 7.5, reflecting high severity due to the potential for denial of service without requiring privileges or user interaction.
Potential Impact
An attacker able to connect to PostgreSQL AF_UNIX sockets can cause a sustained denial of service by exploiting uncontrolled recursion in SSL and GSS negotiation. If SSL and GSS are disabled, the attacker can achieve the same impact via TCP socket access. The vulnerability does not impact confidentiality or integrity but results in availability loss.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict access to PostgreSQL AF_UNIX and TCP sockets to trusted users only to reduce the risk of exploitation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- PostgreSQL
- Date Reserved
- 2026-04-17T00:45:37.869Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a05cfe8ec166c07b0e1394d
Added to database: 5/14/2026, 1:36:40 PM
Last enriched: 5/14/2026, 1:51:48 PM
Last updated: 5/14/2026, 3:53:17 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.