CLEANSTART-2026-HJ04971

See a problem?
Import Source
https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-HJ04971.json
JSON Data
https://api.test.osv.dev/v1/vulns/CLEANSTART-2026-HJ04971
Upstream
Published
2026-01-30T17:21:56.808972Z
Modified
2026-01-29T18:58:54Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT
Details

Multiple security vulnerabilities affect the postgresql package. A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. See references for individual vulnerability details.

References

Affected packages

CleanStart / postgresql

Package

Name
postgresql

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.6.4-r0

Database specific

source 
"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-HJ04971.json"