Two new PostgreSQL vulnerabilities tracked as CVE-2026-6473 and CVE-2026-6637 have been patched in the latest PostgreSQL updates.

At the moment, very little technical information has been publicly disclosed, but both vulnerabilities are described as potentially allowing execution of arbitrary code as the operating system user running PostgreSQL.

Debian has already pushed patched PostgreSQL packages to its repositories, and other Linux distributions are expected to follow quickly.

More information is expected once disclosures and advisories are published.

Sources: Debian mailing list: https://lists.debian.org/debian-security-announce/2026/msg00180.html PostgreSQL: https://www.postgresql.org/about/news/postgresql-184-1710-1614-1518-and-1423-released-3297/