USN-8294-1

It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. (CVE-2026-6472)

It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-6473)

It was discovered that PostgreSQL incorrectly handled format strings in the timeofday() function. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6474)

It was discovered that PostgreSQL incorrectly followed symbolic links in pg_basebackup and pg_rewind. An attacker could possibly use this issue to overwrite local files and execute arbitrary code. (CVE-2026-6475)

It was discovered that PostgreSQL had an SQL injection vulnerability in pg_createsubscriber. An attacker could possibly use this issue to execute arbitrary SQL as a superuser. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-6476)

It was discovered that PostgreSQL used an unsafe libpq function in large object operations. An attacker could possibly use this issue to overwrite client memory and execute arbitrary code. (CVE-2026-6477)

It was discovered that PostgreSQL did not compare MD5-hashed passwords in constant time. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6478)

It was discovered that PostgreSQL had uncontrolled recursion during SSL and GSS negotiation. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-6479)

It was discovered that PostgreSQL incorrectly handled array length mismatches in pg_restore_attribute_stats(). An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-6575)

It was discovered that PostgreSQL had a stack buffer overflow in the refint module. An...