CVE-2026-6666 PUBLISHED

PgBouncer crash in kill_pool_logins_server_error

Assigner: PostgreSQL
Reserved: 20.04.2026 Published: 09.05.2026 Updated: 09.05.2026

A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 5.9

Product Status

Vendor n/a
Product PgBouncer
Versions Default: unaffected
  • affected from 0 to 1.25.2 (excl.)

Credits

  • Thanks to HarutoKimura for finding and reporting this problem. finder

References

Problem Types

  • NULL Pointer Dereference CWE