JLSEC-2026-42
PUBLISHED
CVSS 8.6 HIGH
A SQL injection vulnerability was found in PostgreSQL that is triggered when an extension script uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.
Risk Scores
CVSS v4.0
8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Julia | LibPQ_jll | 0, 0 |
Timeline
- Apr 3, 2026 CVE Published
- Apr 3, 2026 CVE Updated
- May 1, 2026 Distribution Patch
References
- https://access.redhat.com/errata/RHSA-2023:7545
- https://access.redhat.com/errata/RHSA-2023:7579
- https://access.redhat.com/errata/RHSA-2023:7580
- https://access.redhat.com/errata/RHSA-2023:7581
- https://access.redhat.com/errata/RHSA-2023:7616
- https://access.redhat.com/errata/RHSA-2023:7656
- https://access.redhat.com/errata/RHSA-2023:7666
- https://access.redhat.com/errata/RHSA-2023:7667
- https://access.redhat.com/errata/RHSA-2023:7694
- https://access.redhat.com/errata/RHSA-2023:7695
- https://access.redhat.com/errata/RHSA-2023:7714
- https://access.redhat.com/errata/RHSA-2023:7770
- https://access.redhat.com/errata/RHSA-2023:7772
- https://access.redhat.com/errata/RHSA-2023:7784
- https://access.redhat.com/errata/RHSA-2023:7785
- https://access.redhat.com/errata/RHSA-2023:7883
- https://access.redhat.com/errata/RHSA-2023:7884
- https://access.redhat.com/errata/RHSA-2023:7885
- https://access.redhat.com/errata/RHSA-2024:0304
- https://access.redhat.com/errata/RHSA-2024:0332
…and 8 more