7.5
CVE-2026-6479
- EPSS 0.47%
- Veröffentlicht 14.05.2026 13:00:13
- Zuletzt bearbeitet 18.05.2026 15:04:25
- Quelle f86ef6dc-4d3a-42ad-8f28-e6d554
- CVE-Watchlists
- Unerledigt
PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Postgresql ≫ Postgresql Version < 14.23
Postgresql ≫ Postgresql Version >= 15.0 < 15.18
Postgresql ≫ Postgresql Version >= 16.0 < 16.14
Postgresql ≫ Postgresql Version >= 17.0 < 17.10
Postgresql ≫ Postgresql Version >= 18.0 < 18.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.37 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-674 Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
https://www.postgresql.org/support/security/CVE-2026-6479/