CVE-2026-6575: Buffer Over-read in PostgreSQL
CVE-2026-6575 is a medium severity buffer over-read vulnerability in PostgreSQL version 18 prior to 18. 4. The flaw exists in the pg_restore_attribute_stats() function, which improperly handles array values of unmatched length, causing query planning to read beyond the end of an array. This can allow a table maintainer to infer memory contents beyond the intended boundary. Versions before PostgreSQL 18 are not affected. No official patch or remediation level has been confirmed yet.
AI Analysis
Technical Summary
This vulnerability involves a buffer over-read in PostgreSQL's pg_restore_attribute_stats() function when it processes array values of unmatched length. The issue causes the query planner to read past the end of one array, potentially leaking memory data to a user with table maintainer privileges. The vulnerability affects PostgreSQL major version 18, specifically minor versions before 18.4. There is no indication that earlier major versions are impacted. The CVSS 3.1 base score is 4.3, reflecting a medium severity with network attack vector, low complexity, and requiring privileges with no user interaction.
Potential Impact
An attacker with table maintainer privileges can exploit this vulnerability to infer memory values beyond the intended array boundary. This may lead to partial disclosure of memory contents, which could aid in further attacks or information gathering. There is no indication of integrity or availability impact. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the PostgreSQL vendor advisory for current remediation guidance. Since the vulnerability affects versions before 18.4, upgrading to PostgreSQL 18.4 or later, once available, is likely the recommended fix. Until an official patch or update is released, restrict table maintainer privileges to trusted users only to reduce risk.
CVE-2026-6575: Buffer Over-read in PostgreSQL
Description
CVE-2026-6575 is a medium severity buffer over-read vulnerability in PostgreSQL version 18 prior to 18. 4. The flaw exists in the pg_restore_attribute_stats() function, which improperly handles array values of unmatched length, causing query planning to read beyond the end of an array. This can allow a table maintainer to infer memory contents beyond the intended boundary. Versions before PostgreSQL 18 are not affected. No official patch or remediation level has been confirmed yet.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a buffer over-read in PostgreSQL's pg_restore_attribute_stats() function when it processes array values of unmatched length. The issue causes the query planner to read past the end of one array, potentially leaking memory data to a user with table maintainer privileges. The vulnerability affects PostgreSQL major version 18, specifically minor versions before 18.4. There is no indication that earlier major versions are impacted. The CVSS 3.1 base score is 4.3, reflecting a medium severity with network attack vector, low complexity, and requiring privileges with no user interaction.
Potential Impact
An attacker with table maintainer privileges can exploit this vulnerability to infer memory values beyond the intended array boundary. This may lead to partial disclosure of memory contents, which could aid in further attacks or information gathering. There is no indication of integrity or availability impact. No known exploits are reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the PostgreSQL vendor advisory for current remediation guidance. Since the vulnerability affects versions before 18.4, upgrading to PostgreSQL 18.4 or later, once available, is likely the recommended fix. Until an official patch or update is released, restrict table maintainer privileges to trusted users only to reduce risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- PostgreSQL
- Date Reserved
- 2026-04-19T00:06:35.060Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a05cfeaec166c07b0e13e24
Added to database: 5/14/2026, 1:36:42 PM
Last enriched: 5/14/2026, 1:52:45 PM
Last updated: 5/14/2026, 3:49:40 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.