Skip to main content

scram-client CVE-2026-53712

HIGH
Not Failing Securely ('Failing Open') (CWE-636)
2026-07-01 https://github.com/ongres/scram GHSA-p9jg-fcr6-3mhf
Share

Severity by source

vuln.today AI
7.4 HIGH

Network reachable but AC:H due to required MITM position plus a specific non-'WITH' cert algorithm and strict-binding config; no auth needed (PR:N); MITM downgrade enables interception/manipulation (C:H/I:H), no availability impact.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Estimated by vuln.today — no official severity rating has been published for this CVE yet.

Lifecycle Timeline

1
Analysis Generated
Jul 01, 2026 - 22:22 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 2 maven packages depend on com.ongres.scram:scram-client (1 direct, 1 indirect)
  • 3 maven packages depend on com.ongres.scram:scram-common (1 direct, 2 indirect)

Ecosystem-wide dependent count for version 3.3 and other introduced versions.

DescriptionCVE.org

Summary

A flaw in com.ongres.scram:scram-client allows an attacker capable of performing a TLS man-in-the-middle (MITM) attack to silently downgrade a connection from SCRAM-SHA-256-PLUS (with channel binding) to standard SCRAM-SHA-256 (without channel binding), bypassing strict client-side enforcement policies.

Component Breakdown

This occurs due to a two-part failure in TlsServerEndpoint when a server presents an X.509 certificate using a modern signature algorithm that lacks traditional WITH naming structures (such as Ed25519 or post-quantum algorithms):

  1. The internal hash derivation method fails to parse the algorithm name, swallows the resulting NoSuchAlgorithmException, and silently returns an empty byte array via the deprecated getChannelBindingData()` API.
  2. The client builder mistakenly interprets this empty byte array as an environmental absence of channel binding data rather than a cryptographic failure, falling back to non-channel-bound authentication.

Impact & Scope

This issue only impacts deployments where the downstream application layer explicitly enforces strict channel binding enforcement (e.g., channelBinding=require in pgJDBC).

Drivers operating under a "prefer" or "allow" policy (used by default) are structurally insulated from an unhandled exception since a fallback to standard SCRAM is within their expected configuration.

Remediation

Update your project configuration to pull in version 3.3 or later of the SCRAM library, which introduces strict exception propagation and explicit policy controls.

If you are interacting with the ScramClient builder API directly (e.g., writing a custom driver or database extension):

  • Migrate Deprecated APIs: Stop using TlsServerEndpoint.getChannelBindingData(). Transition immediately to TlsServerEndpoint.getChannelBindingHash(), which correctly propagates NoSuchAlgorithmException up the stack.
  • Adopt Explicit Policies: Leverage the newly introduced ChannelBindingPolicy API during client construction. Do not rely on implicit parameter presence to dictate your security boundaries.
java
ScramClient client = ScramClient.builder()
    .advertisedMechanisms(serverMechanisms)
    .username(user)
    .password(pass)
    // Explicitly enforce strict boundaries if needed.
    .channelBindingPolicy(ChannelBindingPolicy.REQUIRE)
    .channelBinding(TlsServerEndpoint.TLS_SERVER_END_POINT, certHash)
    .build();

AnalysisAI

TLS channel-binding downgrade in the ongres scram-client Java library (com.ongres.scram) lets a network man-in-the-middle silently strip SCRAM-SHA-256-PLUS down to plain SCRAM-SHA-256, defeating clients that explicitly require channel binding (e.g. channelBinding=require in pgJDBC). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain MITM position on TLS path
Delivery
Present Ed25519-signed server certificate
Exploit
Channel-binding hash derivation throws, error swallowed
Execution
Client receives empty binding, treats as absent
Persist
Strict channelBinding=require downgrades to plain SCRAM-SHA-256
Impact
Attacker relays authenticated session

Vulnerability AssessmentAI

Exploitation Exploitation requires the simultaneous presence of three concrete conditions: (1) the attacker holds an active TLS man-in-the-middle position on the connection; (2) the server (or the attacker's substituted certificate) uses an X.509 signature algorithm that lacks a traditional 'WITH' name - specifically Ed25519 or post-quantum algorithms - which is what triggers the unhandled NoSuchAlgorithmException; and (3) the downstream client is explicitly configured to strictly enforce channel binding (e.g. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment No CVSS score or vector was supplied by NVD or the vendor, so severity signals must be inferred. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker positioned to intercept TLS between a client and a PostgreSQL-compatible server (e.g. via ARP/DNS spoofing or a rogue network hop) presents a substitute certificate signed with Ed25519. …
Remediation Upgrade the SCRAM dependency to version 3.3 or later, which introduces strict exception propagation (the swallowed NoSuchAlgorithmException is now surfaced) and an explicit ChannelBindingPolicy API; update your Maven/Gradle configuration to pull com.ongres.scram:scram-client 3.3+ and rebuild. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Scan all infrastructure and applications to identify components using com.ongres.scram or com.ongres:scram-client library and document current versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Java

View all
CVE-2012-4681 CRITICAL POC
9.8 Aug 28

Oracle Java SE 7 Update 6 and earlier contains multiple sandbox bypass vulnerabilities via the ClassFinder and forName m

CVE-2015-7450 CRITICAL POC
9.8 Jan 02

Remote code execution in IBM Sterling B2B Integrator, Sterling Integrator, and Tivoli Common Reporting allows unauthenti

CVE-2013-2465 CRITICAL POC
9.8 Jun 18

Java Runtime Environment sandbox bypass via incorrect image channel verification in 2D component allows remote unauthent

CVE-2011-3544 CRITICAL POC
9.8 Oct 19

Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier allows remote code execution with complete system compromise throug

CVE-2010-1871 HIGH POC
8.8 Aug 05

JBoss Seam 2 in Red Hat JBoss EAP 4.3.0 fails to sanitize JBoss Expression Language inputs, allowing remote attackers to

CVE-2012-1723 CRITICAL POC
9.8 Jun 16

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 up

CVE-2013-0422 CRITICAL POC
9.8 Jan 10

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using

CVE-2012-0507 CRITICAL POC
9.8 Jun 07

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Up

CVE-2015-4852 CRITICAL POC
9.8 Nov 18

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers

CVE-2012-5076 CRITICAL POC
9.8 Oct 16

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow

CVE-2017-3066 CRITICAL POC
9.8 Apr 27

Remote unauthenticated attackers can execute arbitrary code on Adobe ColdFusion servers through Java deserialization fla

CVE-2012-0391 CRITICAL POC
9.8 Jan 08

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during

Share

CVE-2026-53712 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy