Fix SQL injection in logical replication origin checks.

Noah Misch <noah@leadboat.com>

Commit: cb35d730689546dd7334437f2954a6670fbb967e
Author: Noah Misch <noah@leadboat.com>
Date: 2026-05-11T12:13:47Z
Releases: 18.4
Fix SQL injection in logical replication origin checks.

ALTER SUBSCRIPTION ... REFRESH PUBLICATION interpolates schema and
relation names into SQL without quoting them.  A crafted subscriber
relation name can inject arbitrary SQL on the publisher.  Test such a
name.  Back-patch to v16, where commit
875693019053b8897ec3983e292acbb439b088c3 first appeared.

Reported-by: Pavel Kohout <pavel.kohout@aisle.com>
Author: Pavel Kohout <pavel.kohout@aisle.com>
Reviewed-by: Nathan Bossart <nathandbossart@gmail.com>
Backpatch-through: 16
Security: CVE-2026-6638

Files