What is the CVSS score of CVE-2026-6477?

CVE-2026-6477 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of PostgreSQL libpq are affected by CVE-2026-6477?

CVE-2026-6477 affects PostgreSQL's libpq client library, allowing malicious database servers to execute arbitrary code on administrative clients (psql, pg_dump) during routine operations like backups…. A patch is available.

PostgreSQL libpq CVE-2026-6477

EUVD-2026-30283 HIGH

Use of Inherently Dangerous Function (CWE-242)

2026-05-14 PostgreSQL

GHSA-jm5f-gpfq-q9h3

Information Disclosure PostgreSQL Suse

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

May 14, 2026 - 15:01 EUVD

Analysis Generated

May 14, 2026 - 14:01 vuln.today

CVE Published

May 14, 2026 - 13:00 nvd

HIGH 8.8

DescriptionNVD

Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size. Because both the \lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

AnalysisAI

PostgreSQL libpq client library allows malicious server superusers to execute arbitrary code on connecting clients by overwriting stack buffers via unbounded responses to PQfn() calls. The vulnerability affects lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions used by psql and pg_dump utilities. …

RemediationAI

Within 24 hours: Inventory all systems running PostgreSQL client tools (psql, pg_dump) and identify which versions are affected; restrict administrative database connections to trusted, internally-controlled PostgreSQL servers only. Within 7 days: Apply vendor patches when released or implement network segmentation to prevent client systems from connecting to external/untrusted PostgreSQL instances; disable large object operations (lo_export, lo_read, lo_lseek64, lo_tell64) if not required. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2026-6477 vulnerability details – vuln.today

Back

PostgreSQL libpq CVE-2026-6477

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code