CVE-2026-6479 - Vulnerability Details - OpenCVE

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Postgresql	Postgresql

No data.

No data.

References

Link	Providers
https://www.postgresql.org/support/security/CVE-2026-6479/

History

Thu, 14 May 2026 16:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 14 May 2026 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Postgresql Postgresql postgresql
Vendors & Products		Postgresql Postgresql postgresql

Thu, 14 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
Title		PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
Weaknesses		CWE-674
References		https://www.postgresql.org/support/security/CVE-2026-6479/
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: PostgreSQL

Published: 2026-05-14T13:00:13.859Z

Updated: 2026-05-14T15:26:20.166Z

Reserved: 2026-04-17T00:45:37.869Z

Link: CVE-2026-6479

Vulnrichment

Updated: 2026-05-14T15:26:16.660Z

NVD

Status : Awaiting Analysis

Published: 2026-05-14T14:16:25.583

Modified: 2026-05-14T16:21:23.190

Link: CVE-2026-6479

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6479", "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "state": "PUBLISHED", "assignerShortName": "PostgreSQL", "dateReserved": "2026-04-17T00:45:37.869Z", "datePublished": "2026-05-14T13:00:13.859Z", "dateUpdated": "2026-05-14T15:26:20.166Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL", "dateUpdated": "2026-05-14T13:00:13.859Z"}, "title": "PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion", "descriptions": [{"lang": "en", "value": "Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected."}], "affected": [{"defaultStatus": "unaffected", "product": "PostgreSQL", "vendor": "n/a", "versions": [{"lessThan": "18.4", "status": "affected", "version": "18", "versionType": "rpm"}, {"lessThan": "17.10", "status": "affected", "version": "17", "versionType": "rpm"}, {"lessThan": "16.14", "status": "affected", "version": "16", "versionType": "rpm"}, {"lessThan": "15.18", "status": "affected", "version": "15", "versionType": "rpm"}, {"lessThan": "14.23", "status": "affected", "version": "0", "versionType": "rpm"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-674", "type": "CWE", "description": "Uncontrolled Recursion"}]}], "references": [{"url": "https://www.postgresql.org/support/security/CVE-2026-6479/"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "workarounds": [{"lang": "en", "value": "enable SSL and/or GSS; disable unix_socket_directories"}], "credits": [{"lang": "en", "value": "The PostgreSQL project thanks Calif.io in collaboration with Claude and Anthropic Research for reporting this problem."}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-14T15:26:13.223741Z", "id": "CVE-2026-6479", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-14T15:26:20.166Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6479", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-14T15:26:13.223741Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-14T15:26:16.660Z"}}], "cna": {"title": "PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion", "credits": [{"lang": "en", "value": "The PostgreSQL project thanks Calif.io in collaboration with Claude and Anthropic Research for reporting this problem."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "affected": [{"vendor": "n/a", "product": "PostgreSQL", "versions": [{"status": "affected", "version": "18", "lessThan": "18.4", "versionType": "rpm"}, {"status": "affected", "version": "17", "lessThan": "17.10", "versionType": "rpm"}, {"status": "affected", "version": "16", "lessThan": "16.14", "versionType": "rpm"}, {"status": "affected", "version": "15", "lessThan": "15.18", "versionType": "rpm"}, {"status": "affected", "version": "0", "lessThan": "14.23", "versionType": "rpm"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.postgresql.org/support/security/CVE-2026-6479/"}], "workarounds": [{"lang": "en", "value": "enable SSL and/or GSS; disable unix_socket_directories"}], "descriptions": [{"lang": "en", "value": "Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-674", "description": "Uncontrolled Recursion"}]}], "providerMetadata": {"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL", "dateUpdated": "2026-05-14T13:00:13.859Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6479", "state": "PUBLISHED", "dateUpdated": "2026-05-14T15:26:20.166Z", "dateReserved": "2026-04-17T00:45:37.869Z", "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "datePublished": "2026-05-14T13:00:13.859Z", "assignerShortName": "PostgreSQL"}, "dataVersion": "5.2"}