CVE-2026-6475

PostgreSQL · pg_basebackup and pg_rewind

A symlink following vulnerability in PostgreSQL's pg_basebackup and pg_rewind tools allows a superuser to overwrite arbitrary local files on the system.

Executive summary

A symlink following flaw in PostgreSQL utilities allows a privileged user to overwrite local files, posing a significant risk to system integrity.

Vulnerability

This is a Unix Symbolic Link (Symlink) Following vulnerability (CWE-61). By manipulating symlinks, a superuser can force the affected utilities to write data to arbitrary locations on the filesystem, leading to unauthorized file overwriting.

Business impact

Exploitation of this flaw allows a superuser to overwrite critical system files, which could lead to system instability, privilege escalation, or the destruction of essential data. With a CVSS score of 8.8, the potential for system-wide impact is high and must be addressed to maintain the security posture of the database host.

Remediation

Immediate Action: Update PostgreSQL installations to the latest versions to receive the necessary security fixes for these utilities.

Proactive Monitoring: Monitor filesystem activity for unexpected write operations or modifications to critical system files by the database service user.

Compensating Controls: Limit access to the server's filesystem and ensure that administrative users follow strict operational procedures when performing backups or rewinds.

Exploitation status

Public Exploit Available: No

Analyst recommendation

The risk of file overwrite requires that all administrators update their PostgreSQL tools to the versions specified by the vendor. Ensure that the update process covers all environments where pg_basebackup or pg_rewind might be executed.