PostgreSQL Denial-of-Service Vulnerability via Uncontrolled Recursion in SSL and GSS Negotiation

Vulnerability

A denial-of-service vulnerability has been identified in PostgreSQL versions prior to 18.4, 17.10, 16.14, 15.18, and 14.23. The flaw is uncontrolled recursion during SSL and GSS negotiation, the protocol phase that precedes the startup message and authentication, so triggering it requires only a connection to the server, not database credentials. An attacker with access to a PostgreSQL AF_UNIX socket can exploit it to cause a sustained denial of service. If the server has both SSL and GSS disabled, the same attack can be carried out over a PostgreSQL TCP socket, which makes it reachable from any host that can connect to the port.

Impact

Exploitation of this vulnerability causes a sustained denial-of-service condition on the PostgreSQL server, leaving it unavailable to legitimate clients.

Remediation

Upgrade to PostgreSQL 18.4, 17.10, 16.14, 15.18, or 14.23 (or a later release in the same major series). Until the upgrade is applied, restrict who can reach the AF_UNIX socket and the TCP port at the operating-system and network level; pg_hba.conf rules do not help here, because they are evaluated only after the startup message, i.e. after the negotiation phase in which the recursion occurs. Per the conditions above, the TCP path is open only when both SSL and GSS are disabled, so enabling either narrows the exposure to the AF_UNIX socket, but it is not a substitute for the upgrade.
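A practitioner checking a fleet usually has server_version_num (the integer form of the version, major * 10000 + minor since PostgreSQL 10) rather than a version string. The following is an added example, not code from the PostgreSQL project or from this advisory's publisher: it compares a server_version_num against the fixed releases listed above and reports whether the server is patched, vulnerable, or outside the majors this advisory covers. Obtain the number from a live server with `psql -X -Atc 'SHOW server_version_num'`; the sample values in the block are constructed.

```python
"""Check PostgreSQL server_version_num values against the fixed releases in this advisory.

Added example (not PostgreSQL project code). Feed it the output of
    psql -X -Atc 'SHOW server_version_num'
The sample inputs below are constructed for illustration.
"""

# First fixed release per major series, as listed in the advisory,
# encoded the way server_version_num encodes it: major * 10000 + minor.
FIXED_VERSION_NUM = {
    18: 180004,  # 18.4
    17: 170010,  # 17.10
    16: 160014,  # 16.14
    15: 150018,  # 15.18
    14: 140023,  # 14.23
}


def parse_server_version_num(raw: str) -> int:
    """Parse the text output of SHOW server_version_num, e.g. '170009\\n'."""
    value = int(raw.strip())
    # PostgreSQL 10+ always yields a six-digit number; reject anything smaller
    # so a stray version *string* or an empty field does not pass silently.
    if value < 100000:
        raise ValueError(f"not a PostgreSQL 10+ server_version_num: {raw!r}")
    return value


def format_version(version_num: int) -> str:
    """Render 170010 as '17.10' for human-readable reports."""
    return f"{version_num // 10000}.{version_num % 10000}"


def assess(version_num: int) -> str:
    """Return 'patched', 'vulnerable', or 'not covered' for a server_version_num.

    'not covered' means the major series is not among those the advisory lists
    fixed releases for (e.g. end-of-life 13.x, or a major newer than 18), so no
    conclusion can be drawn from this advisory alone.
    """
    major = version_num // 10000
    fixed = FIXED_VERSION_NUM.get(major)
    if fixed is None:
        return "not covered"
    return "patched" if version_num >= fixed else "vulnerable"


def report(raw_values: list[str]) -> list[tuple[str, str]]:
    """Assess a batch of raw SHOW server_version_num outputs.

    Returns (version, status) pairs so the result can be checked programmatically
    rather than only printed.
    """
    results = []
    for raw in raw_values:
        num = parse_server_version_num(raw)
        results.append((format_version(num), assess(num)))
    return results


if __name__ == "__main__":
    # Constructed sample outputs, one per host, as psql -Atc would print them.
    samples = ["170009\n", "170010\n", "160014\n", "140022\n", "130020\n"]
    for version, status in report(samples):
        print(f"{version:>8}  {status}")
```

Run it against the collected outputs of `psql -X -Atc 'SHOW server_version_num'` from each host; anything reported as vulnerable needs the upgrade, and anything reported as not covered needs a separate check against the support status of that major series.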

Added: May 14, 2026, 2:21 PM
Updated: May 14, 2026, 2:21 PM

Vulnerability Rating

Custom Algorithm
spread: 8.1
impact: 2.5
exploitability: 6.4
remediation: 7.7
relevance: 8.3
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.