{ "threat_severity" : "Important", "public_date" : "2026-05-14T13:00:13Z", "bugzilla" : { "description" : "postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison", "id" : "2477447", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2477447" }, "cvss3" : { "cvss3_base_score" : "8.2", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "status" : "verified" }, "cwe" : "CWE-385", "details" : [ "A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts databases that retain MD5-hashed passwords from upgrades of PostgreSQL 13 or earlier." ], "affected_release" : [ { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-05-26T00:00:00Z", "advisory" : "RHSA-2026:21182", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "postgresql17-main-17.10-0.1.hum1" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "postgresql16", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "postgresql18", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Affected", "package_name" : "postgresql", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Affected", "package_name" : "postgresql", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "postgresql", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "postgresql:12/postgresql", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "postgresql:13/postgresql", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "postgresql:15/postgresql", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "postgresql:16/postgresql", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "postgresql", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "postgresql:15/postgresql", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "postgresql:16/postgresql", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "postgresql:18/postgresql", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Hardened Images", "fix_state" : "Affected", "package_name" : "postgresql18", "cpe" : "cpe:/a:redhat:hummingbird:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-6478\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6478\nhttps://www.postgresql.org/support/security/CVE-2026-6478/" ], "name" : "CVE-2026-6478", "mitigation" : { "value" : "To mitigate this vulnerability, ensure that all PostgreSQL user passwords are not hashed using MD5. Users should migrate to stronger hashing algorithms such as `scram-sha-256`. This can be achieved by altering user passwords, which will automatically update their hash to the currently configured default. For example, to change a user's password: `ALTER USER username WITH PASSWORD 'new_password';` This action will require users to re-authenticate. If a service relies on these credentials, it may require a restart to pick up the new authentication details.", "lang" : "en:us" }, "csaw" : false }