SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected.
| Affected Version | Fixed In | Fix Published |
|---|---|---|
| 18 | 18.4 | 2026-05-14 |
| 17 | 17.10 | 2026-05-14 |
For more information about PostgreSQL versioning, please visit the versioning page.
| Overall Score | 7.2 |
|---|---|
| Component | client |
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
If you wish to report a new security vulnerability in PostgreSQL, please send an email to security@postgresql.org.
For reporting non-security bugs, please see the Report a Bug page.