Volerion logoVolerion
Volerion logoVolerion

PostgreSQL Stack Buffer Overflow Vulnerability in Refint Module Allows Arbitrary Code Execution

Vulnerability

A stack buffer overflow vulnerability has been identified in the PostgreSQL 'refint' module, affecting versions prior to PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23. This vulnerability allows an unprivileged database user to execute arbitrary code as the operating system user running the database. Additionally, if a user-controlled column is declared as a 'refint' cascade primary key and allows user-controlled updates, a SQL injection could be exploited to execute arbitrary SQL as the database user performing the primary key update.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution on the operating system level, under the user account running the PostgreSQL database.

Remediation

Users can upgrade to PostgreSQL versions 18.4, 17.10, 16.14, 15.18, or 14.23 to address this vulnerability.

Added: May 14, 2026, 2:20 PM
Updated: May 14, 2026, 2:20 PM

Vulnerability Rating

Custom Algorithm
spread
8.1
impact
10.0
exploitability
4.3
remediation
7.7
relevance
8.1
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.