{"vulnerability": "cve-2026-6637", "sightings": [{"uuid": "2dd1b621-6d0e-4b09-aa83-4973304cdd6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6637", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mm5g3ixq2d2p", "content": "\ud83d\udccc CVE-2026-6637 - Stack buffer overflow in PostgreSQL module \"refint\" allows an unprivileged database user to execute arbitrary code as the operating system user runnin... https://www.cyberhub.blog/cves/CVE-2026-6637", "creation_timestamp": "2026-05-18T17:37:08.075287Z"}, {"uuid": "ee7fd399-9ba1-405f-bac7-9782c7ae250e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-6637", "type": "seen", "source": "https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-postgresql-1", "content": "", "creation_timestamp": "2026-05-18T06:01:20.000000Z"}, {"uuid": "9baca6be-a018-46e3-9196-2a62258654c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-6637", "type": "seen", "source": "https://bsky.app/profile/cyberowi.pl/post/3mmgpraivvo2y", "content": "\ud83d\udea8 CVE-2026-6637: Luka w PostgreSQL pozwala na wykonanie kodu\n\nWykryto 11 luk w PostgreSQL, w tym krytyczn\u0105 CVE-2026-6637. Umo\u017cliwia ona nieuprzywilejowanemu u\u017cytkownikowi bazy danych wykonanie\n\nhttps://cyberowi.pl/cve-2026-6637-luka-w-postgresql-pozwala-na-wykonanie-kodu/\n\n#cyberbezpieczenstwo", "creation_timestamp": "2026-05-22T10:24:18.397154Z"}, {"uuid": "fbc09040-1cbe-433b-bcac-05429530703a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6637", "type": "seen", "source": "https://bsky.app/profile/pgexperts.bsky.social/post/3mmrpfk7f2p2m", "content": "CVE-2026-6637: stack buffer overflow plus SQL injection in contrib/refint. CVSS 8.8. refint is a 1990s referential-integrity workaround that has been pointless since real foreign keys shipped. If it is loaded anywhere in your fleet, fix that today.\n\nwww.postgresql.org/support/secu...\n\npgexperts.com", "creation_timestamp": "2026-05-26T19:17:03.228661Z"}, {"uuid": "f6fdfd4a-381d-4eff-ad8d-740986c99416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6637", "type": "seen", "source": "https://bsky.app/profile/pgexperts.bsky.social/post/3mp7nu2t4de2c", "content": "Reminder that the 2026-05-14 PostgreSQL release fixed 11 CVEs. One was a stack buffer overflow in refint (CVE-2026-6637): arbitrary code execution as the postgres OS user, from a contrib module old enough to vote.\n\nRelease: www.postgresql.org/about/news/p...\n\npgexperts.com\n\n#PostgreSQL #postgres", "creation_timestamp": "2026-06-26T19:17:03.300661Z"}, {"uuid": "53add2c0-3d28-49f6-a9dc-9d121325a168", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6637", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mpgkznxcc72u", "content": "\ud83d\udd17 CVE : CVE-2026-6473, CVE-2026-6475, CVE-2026-6477, CVE-2026-6637, CVE-2026-6638", "creation_timestamp": "2026-06-29T13:15:07.413420Z"}, {"uuid": "720c27f3-a552-4b75-8d88-9de3848fe15e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-6637", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0816", "content": "", "creation_timestamp": "2026-07-01T02:45:29.018586Z"}, {"uuid": "285b804f-da4b-427c-970f-68d748f9e0f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6637", "type": "seen", "source": "https://bsky.app/profile/pgexperts.bsky.social/post/3mpoqnlvu3i2b", "content": "PostgreSQL's May 2026 release fixed 11 CVEs. One is CVE-2026-6637: a stack buffer overflow in the refint contrib module that lets an unprivileged user run code as the postgres OS user. CVSS 8.8.\n\nwww.postgresql.org/support/secu...\n\npgexperts.com\n\n#PostgreSQL #Postgres", "creation_timestamp": "2026-07-02T19:17:02.699353Z"}]}