scram-client CVE-2026-53712
HIGHSeverity by source
Network reachable but AC:H due to required MITM position plus a specific non-'WITH' cert algorithm and strict-binding config; no auth needed (PR:N); MITM downgrade enables interception/manipulation (C:H/I:H), no availability impact.
Estimated by vuln.today — no official severity rating has been published for this CVE yet.
Lifecycle Timeline
1Blast Radius
ecosystem impact- 2 maven packages depend on com.ongres.scram:scram-client (1 direct, 1 indirect)
- 3 maven packages depend on com.ongres.scram:scram-common (1 direct, 2 indirect)
Ecosystem-wide dependent count for version 3.3 and other introduced versions.
DescriptionCVE.org
Summary
A flaw in com.ongres.scram:scram-client allows an attacker capable of performing a TLS man-in-the-middle (MITM) attack to silently downgrade a connection from SCRAM-SHA-256-PLUS (with channel binding) to standard SCRAM-SHA-256 (without channel binding), bypassing strict client-side enforcement policies.
Component Breakdown
This occurs due to a two-part failure in TlsServerEndpoint when a server presents an X.509 certificate using a modern signature algorithm that lacks traditional WITH naming structures (such as Ed25519 or post-quantum algorithms):
- The internal hash derivation method fails to parse the algorithm name, swallows the resulting
NoSuchAlgorithmException, and silently returns an empty byte array via the deprecatedgetChannelBindingData()` API. - The client builder mistakenly interprets this empty byte array as an environmental absence of channel binding data rather than a cryptographic failure, falling back to non-channel-bound authentication.
Impact & Scope
This issue only impacts deployments where the downstream application layer explicitly enforces strict channel binding enforcement (e.g., channelBinding=require in pgJDBC).
Drivers operating under a "prefer" or "allow" policy (used by default) are structurally insulated from an unhandled exception since a fallback to standard SCRAM is within their expected configuration.
Remediation
Update your project configuration to pull in version 3.3 or later of the SCRAM library, which introduces strict exception propagation and explicit policy controls.
If you are interacting with the ScramClient builder API directly (e.g., writing a custom driver or database extension):
- Migrate Deprecated APIs: Stop using
TlsServerEndpoint.getChannelBindingData(). Transition immediately toTlsServerEndpoint.getChannelBindingHash(), which correctly propagatesNoSuchAlgorithmExceptionup the stack. - Adopt Explicit Policies: Leverage the newly introduced
ChannelBindingPolicyAPI during client construction. Do not rely on implicit parameter presence to dictate your security boundaries.
ScramClient client = ScramClient.builder()
.advertisedMechanisms(serverMechanisms)
.username(user)
.password(pass)
// Explicitly enforce strict boundaries if needed.
.channelBindingPolicy(ChannelBindingPolicy.REQUIRE)
.channelBinding(TlsServerEndpoint.TLS_SERVER_END_POINT, certHash)
.build();Articles & Coverage 1
AnalysisAI
TLS channel-binding downgrade in the ongres scram-client Java library (com.ongres.scram) lets a network man-in-the-middle silently strip SCRAM-SHA-256-PLUS down to plain SCRAM-SHA-256, defeating clients that explicitly require channel binding (e.g. channelBinding=require in pgJDBC). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the simultaneous presence of three concrete conditions: (1) the attacker holds an active TLS man-in-the-middle position on the connection; (2) the server (or the attacker's substituted certificate) uses an X.509 signature algorithm that lacks a traditional 'WITH' name - specifically Ed25519 or post-quantum algorithms - which is what triggers the unhandled NoSuchAlgorithmException; and (3) the downstream client is explicitly configured to strictly enforce channel binding (e.g. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | No CVSS score or vector was supplied by NVD or the vendor, so severity signals must be inferred. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker positioned to intercept TLS between a client and a PostgreSQL-compatible server (e.g. via ARP/DNS spoofing or a rogue network hop) presents a substitute certificate signed with Ed25519. … |
| Remediation | Upgrade the SCRAM dependency to version 3.3 or later, which introduces strict exception propagation (the swallowed NoSuchAlgorithmException is now surfaced) and an explicit ChannelBindingPolicy API; update your Maven/Gradle configuration to pull com.ongres.scram:scram-client 3.3+ and rebuild. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Scan all infrastructure and applications to identify components using com.ongres.scram or com.ongres:scram-client library and document current versions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Oracle Java SE 7 Update 6 and earlier contains multiple sandbox bypass vulnerabilities via the ClassFinder and forName m
Remote code execution in IBM Sterling B2B Integrator, Sterling Integrator, and Tivoli Common Reporting allows unauthenti
Java Runtime Environment sandbox bypass via incorrect image channel verification in 2D component allows remote unauthent
Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier allows remote code execution with complete system compromise throug
JBoss Seam 2 in Red Hat JBoss EAP 4.3.0 fails to sanitize JBoss Expression Language inputs, allowing remote attackers to
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 up
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Up
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow
Remote unauthenticated attackers can execute arbitrary code on Adobe ColdFusion servers through Java deserialization fla
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during
Same weakness CWE-636 – Not Failing Securely ('Failing Open')
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-p9jg-fcr6-3mhf