EDB Security

Suggest edits

EDB is committed to a security first approach, from the products we build and the platforms we operate, to the services we provide our customers. Transparency is a core principle for the program and part of this effort includes welcoming incoming reports so that we can address concerns surfaced by our customers or security researchers. You’ll also find it in our advisories, which detail issues found and the required fixes or mitigations needed to keep your data and databases safe.

Policies

  • EDB Vulnerability Disclosure Policy

    This policy outlines how EnterpriseDB handles disclosures related to suspected vulnerabilities within our products, systems, or services. It also provides guidance for those who wish to perform security research, or may have discovered a potential security vulnerability impacting EDB.

Advisories

PostgreSQL CVE Assessments

Most Recent Advisories

CVE-2026-0949

  Read Advisory  Updated: 2026/01/16

PEM 9.8 Cross-site scripting

Postgres Enterprise Manager (PEM)
Summary:  PEM versions prior to 9.8.1 are affected by a stored Cross-Site Scripting (XSS) vulnerability that allows users with access to the “Manage Charts” menu to inject arbitrary Javascript when creating a new chart, which is then executed by any user accessing the chart. By default only the superuser and users with pem_admin or pem_super_admin privileges are able to access the “Manage Charts” menu.
Read More...

CVE-2025-2506

  Read Advisory  Published: 2025/05/22

pglogical 3.x, BDR/PGD 4.x and BDR/PGD 5.x allow unauthorized reads

All versions of pglogical 3.x, BDR/PGD 4.x and BDR/PGD 5.x prior to 3.7.26-ELS, 4.3.8-ELS and 5.8.0
Summary:  When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it is running on a replication connection but does not perform this check. This vulnerability was introduced in the pglogical 3.x codebase, which is proprietary to EDB. The same code base has been integrated into BDR/PGD 4 and 5.
Read More...

CVE-2025-14038

  Read Advisory  Updated: 2025/12/15

Unauthenticated gRPC API Access

Hybrid Manager (HM)
Summary:  EDB Hybrid Manager contains a flaw that allows an unauthenticated attacker to directly access certain gRPC endpoints. This allows unauthorized access to critical internal gRPC APIs within a Hybrid Manager service due to missing authentication and authorization checks in the Istio Gateway configuration. This vulnerability has been remediated in EDB Hybrid Manager 1.3.3 and HM 2025.12, and customers should consider upgrading to the patched version as soon as possible.
Read More...

CVE-2024-4545

  Read Advisory  Updated: 2024/05/09

EDB Postgres Advanced Server (EPAS) authenticated file read permissions bypass using edbldr

All versions of EDB Postgres Advanced Server (EPAS) edbldr from 15.0 and prior to 15.7.0 and from 16.0 and prior to 16.3.0
Summary:  All versions of EnterpriseDB Postgres Advanced Server (EPAS) from 15.0 and prior to 15.7.0 and from 16.0 and prior to 16.3.0 may allow users using edbldr to bypass role permissions from pg_read_server_files. This could allow low privilege users to read files to which they would not otherwise have access.
Read More...

CVE-2023-41120

  Read Advisory  Updated: 2025/01/31

EDB Postgres Advanced Server (EPAS) DBMS_PROFILER data may be removed without permission

All versions of EnterpriseDB Postgres Advanced Server (EPAS) prior to 11.21.32, 12.16.20, 13.12.17, 14.9.0, 15.4.0
Summary:  An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMS_PROFILER to remove all accumulated profiling data on a system-wide basis, regardless of that user's permissions.
Read More...

Most Recent Assessments

CVE-2026-6637

  Read Assessment  Published: 2026/06/22

PostgreSQL refint allows stack buffer overflow and SQL injection

PostgreSQL, EDB Postgres Advanced Server, EDB Postgres Extended Server, WarehousePG, and CloudNativePG
Summary:  Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitates user-controlled updates to that column. In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
Read More...

CVE-2026-6479

  Read Assessment  Published: 2026/06/22

PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion

PostgreSQL, EDB Postgres Advanced Server, EDB Postgres Extended Server, WarehousePG, and CloudNativePG
Summary:  Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
Read More...

CVE-2026-6477

  Read Assessment  Published: 2026/06/22

PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory

PostgreSQL, EDB Postgres Advanced Server, EDB Postgres Extended Server, WarehousePG, and CloudNativePG
Summary:  Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size. Because both the \lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
Read More...

CVE-2026-6476

  Read Assessment  Published: 2026/06/22

PostgreSQL pg_createsubscriber allows SQL injection via subscription name

PostgreSQL, EDB Postgres Advanced Server, EDB Postgres Extended Server, and CloudNativePG
Summary:  SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected.
Read More...

CVE-2026-6475

  Read Assessment  Published: 2026/06/22

PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice

PostgreSQL, EDB Postgres Advanced Server, EDB Postgres Extended Server, WarehousePG, and CloudNativePG
Summary:  Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries. Hence, the attack has practical implications only if one takes relevant action between these commands and server start, like moving the files to a different VM or snapshotting the VM. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.
Read More...

Could this page be better? Report a problem or suggest an addition!