CVE-2026-6664 PUBLISHED

PgBouncer integer overflow in PgBouncer network packet parsing

Assigner: PostgreSQL
Reserved: 20.04.2026 Published: 09.05.2026 Updated: 09.05.2026

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 7.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	n/a
Product	PgBouncer
Versions	Default: unaffected affected from 0 to 1.25.2 (excl.)

Affected Configurations

SCRAM client authentication is configured

Workarounds

Do not configure SCRAM for client authentication

Credits

Thanks to Johannes Möller for finding and reporting this problem. finder

References

https://www.pgbouncer.org/changelog.html#pgbouncer-125x

Problem Types

Integer Overflow or Wraparound CWE