Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | PostgreSQL | unaffected |
|
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
No data.
Project Subscriptions
No data.
| Source | ID | Title |
|---|---|---|
 Debian DSA |
DSA-6269-1 | postgresql-15 security update |
| Debian DSA |
DSA-6270-1 | postgresql-17 security update |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
| Link | Providers |
|---|---|
| https://www.postgresql.org/support/security/CVE-2026-6474/ |
|
Thu, 14 May 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. | |
| Title | PostgreSQL timeofday() can disclose portions of server memory | |
| Weaknesses | CWE-134 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: PostgreSQL
Published:
Updated: 2026-05-14T13:00:10.254Z
Reserved: 2026-04-17T00:36:25.451Z
Link: CVE-2026-6474
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-05-14T14:16:24.997
Modified: 2026-05-14T14:16:24.997
Link: CVE-2026-6474
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-05-14T14:45:22Z