SQL injection in PostgreSQL pg_createsubscriber allows an attacker with
pg_create_subscription rights to execute arbitrary SQL as a superuser. The
attack takes effect when pg_createsubscriber next runs. Within major versions
17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected.
Versions before PostgreSQL 17 are unaffected.
The PostgreSQL project thanks Yu Kunpeng for reporting this problem.
| Affected Version | Fixed In | Fix Published |
|---|---|---|
| 18 | 18.4 | 2026-05-14 |
| 17 | 17.10 | 2026-05-14 |
For more information about PostgreSQL versioning, please visit the versioning page.
| Overall Score | 7.2 |
|---|---|
| Component | client |
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
If you wish to report a new security vulnerability in PostgreSQL, please send an email to security@postgresql.org.
For reporting non-security bugs, please see the Report a Bug page.