First Published: 2026/06/22
Important: This is an assessment of the impact of CVE-2026-6473 on EDB products and services. It links to and details the CVE and supplements that information with EDB's own assessment.
Summary
Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user inputs to the relevant database functions, the application input provider may achieve a segmentation fault. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
Vulnerability details
CVE-ID: CVE-2026-6473
CVE Publish Date: 2026/05/14
CVSS Base Score: 8.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products and versions
PostgreSQL
- All versions prior to 18.4
- All versions prior to 17.10
- All versions prior to 16.14
- All versions prior to 15.18
- All versions prior to 14.23
EnterpriseDB Postgres Advanced Server (EPAS)
- All versions prior to 18.4
- All versions prior to 17.10
- All versions prior to 16.14.0
- All versions prior to 15.18.0
- All versions prior to 14.23.0
EnterpriseDB Postgres Extended (PGE)
- All versions prior to 18.4
- All versions prior to 17.10
- All versions prior to 16.14
- All versions prior to 15.18
- All versions prior to 14.23
CloudNativePG
- All operand versions prior to 18.4
- All operand versions prior to 17.10
- All operand versions prior to 16.14
- All operand versions prior to 15.18
- All operand versions prior to 14.23
WarehousePG
- All 6.x versions prior to 6.27.5
- All 7.2.x versions prior to 7.2.4
- All 7.3.x versions prior to 7.3.2
- All 7.4.x versions prior to 7.4.1
Remediation/fixes
EDB Postgres Extended Server
| Affected Version | Fixed In | Fix Published |
|---|---|---|
| prior to 18.4.0 | 18.4.0 | 2026-05-14 |
| prior to 17.10 | 17.10 | 2026-05-14 |
| prior to 16.14 | 16.14 | 2026-05-14 |
| prior to 15.18 | 15.18 | 2026-05-14 |
| prior to 14.23 | 14.23 | 2026-05-14 |
EDB Postgres Advanced Server
| Affected Version | Fixed In | Fix Published |
|---|---|---|
| prior to 18.4 | 18.4 | 2026-05-14 |
| prior to 17.10 | 17.10 | 2026-05-14 |
| prior to 16.14.0 | 16.14.0 | 2026-05-14 |
| prior to 15.18.0 | 15.18.0 | 2026-05-14 |
| prior to 14.23.0 | 14.23.0 | 2026-05-14 |
CloudNativePG
Customer should update to the fixed version of the PostgreSQL operands.
WarehousePG
WarehousePG fixes are available in the following versions:
| Affected Version | Fixed In | Fix Published |
|---|---|---|
| All 6.x prior to 6.27.5 | 6.27.5-WHPG | 2026-06-15 |
| All 7.2.x prior to 7.2.4 | 7.2.4-WHPG | 2026-06-15 |
| All 7.3.x prior to 7.3.2 | 7.3.2-WHPG | 2026-06-15 |
| All 7.4.x prior to 7.4.1 | 7.4.1-WHPG | 2026-06-15 |
| Development (main) prior to 7.5.0 | 7.5.0-WHPG | 2026-06-08 |
References
- CVSS Calculator v3.1
- NVD - CVE-2026-6473 Detail
- https://www.postgresql.org/support/security/CVE-2026-6473/
- CWE-190 Integer Overflow or Wraparound
Related information
Acknowledgement
Source: PostgreSQL.org
Change history
22 June 2026: Updated WarehousePG remediation with released fix versions
04 June 2026: Added WarehousePG as an affected product
27 May 2026: Added CloudNativePG as an affected product
14 May 2026: Original Copy Published
Disclaimer
This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information on the document is at your own risk. EDB reserves the right to change or update this document at any time. Customers are therefore recommended to always view the latest version of this document.