JLSEC-2026-607

See a problem?
Please try reporting it to the source first.
Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-607.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-607.json
JSON Data
https://api.test.osv.dev/v1/vulns/JLSEC-2026-607
Upstream
  • CVE-2026-6637
Published
2026-06-08T13:54:13.679Z
Modified
2026-06-08T14:00:04.351840990Z
Summary
[none]
Details

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitates user-controlled updates to that column. In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

Database specific 
{
    "sources": [
        {
            "modified": "2026-05-18T15:05:21.300Z",
            "published": "2026-05-14T14:16:25.820Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6637",
            "database_specific": {
                "status": "Analyzed"
            },
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-6637",
            "id": "CVE-2026-6637",
            "imported": "2026-06-08T13:34:10.069Z"
        }
    ],
    "license": "CC-BY-4.0"
}
References

Affected packages

Julia / LibPQ_jll

Package

Name
LibPQ_jll
Purl
pkg:julia/LibPQ_jll?uuid=08be9ffa-1c94-5ee5-a977-46a84ec9b350

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
16.14.0+0

Database specific

source 
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-607.json"