PostgreSQL
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*
- < 18.4
- < 17.10
- < 16.14
- < 15.18
- < 14.23
A symlink-following vulnerability has been identified in PostgreSQL's pg_basebackup (plain format) and in pg_rewind. It allows an origin superuser to overwrite local files, such as /var/lib/postgres/.bashrc, potentially hijacking the operating system account. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. The impact is practical only if some relevant action is taken between running these commands and starting the server, such as transferring the overwritten files to a different virtual machine or snapshotting the VM.
Exploitation of this vulnerability can lead to unauthorized overwriting of local files, with the potential to hijack the operating system account of the PostgreSQL superuser.
Users can upgrade to PostgreSQL versions 18.4, 17.10, 16.14, 15.18, or 14.23 to address this vulnerability.
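A check to run before snapshotting or copying a directory produced by pg_basebackup or pg_rewind, added here as an example and not taken from the PostgreSQL project: it compares a client tool's version banner with the fixed releases listed above and lists symlinks in the directory that resolve outside it. The function names are hypothetical, and treating a leftover out-of-tree symlink as a sign of this issue is an assumption about how the symlink following occurs.

```python
import os
import re
import tempfile

# Fixed minor release per major, as listed in the advisory.
FIXED_MINOR = {18: 4, 17: 10, 16: 14, 15: 18, 14: 23}


def tool_is_affected(banner):
    """True/False for a `pg_basebackup --version` or `pg_rewind --version`
    banner; None if it cannot be parsed or the major is not in the advisory."""
    m = re.search(r"\(PostgreSQL\)\s+(\d+)\.(\d+)", banner)
    if not m:
        return None
    major, minor = int(m.group(1)), int(m.group(2))
    if major in FIXED_MINOR:
        return minor < FIXED_MINOR[major]
    # Lowest listed range is "< 14.23", which also covers older majors.
    return True if major < min(FIXED_MINOR) else None


def escaping_symlinks(root):
    """Return sorted (link, resolved target) pairs for symlinks under root
    that resolve outside root. Symlinked directories are not descended into."""
    root_real = os.path.realpath(root)
    found = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            if os.path.commonpath([root_real, target]) != root_real:
                found.append((os.path.relpath(path, root), target))
    return sorted(found)


if __name__ == "__main__":
    # Constructed sample input: a banner string and a throwaway directory tree.
    print(tool_is_affected("pg_basebackup (PostgreSQL) 17.9"))
    with tempfile.TemporaryDirectory() as tmp:
        data = os.path.join(tmp, "pgdata")
        os.makedirs(os.path.join(data, "base"))
        os.symlink(tmp, os.path.join(data, "sample_link"))
        # Tablespace links and a relocated pg_wal are legitimate and will
        # also be listed; compare the output with the layout you expect.
        print(escaping_symlinks(data))
```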