Fix SQL injection in logical replication origin checks.

Noah Misch <noah@leadboat.com>

Commit: f0f59b658ef10901c9af3af7705c802a72a0577e
Author: Noah Misch <noah@leadboat.com>
Date: 2026-05-11T12:13:48Z
Releases: 17.10
Fix SQL injection in logical replication origin checks.

ALTER SUBSCRIPTION ... REFRESH PUBLICATION interpolates schema and
relation names into SQL without quoting them.  A crafted subscriber
relation name can inject arbitrary SQL on the publisher.  Test such a
name.  Back-patch to v16, where commit
875693019053b8897ec3983e292acbb439b088c3 first appeared.

Reported-by: Pavel Kohout <pavel.kohout@aisle.com>
Author: Pavel Kohout <pavel.kohout@aisle.com>
Reviewed-by: Nathan Bossart <nathandbossart@gmail.com>
Backpatch-through: 16
Security: CVE-2026-6638

Files