PgBouncer CVE-2026-6666

EUVD-2026-28878 | MEDIUM 5.9 (CVSS 3.1)
NULL Pointer Dereference (CWE-476)
2026-05-09 | PostgreSQL | GHSA-4463-8rvf-rj9f
CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Patch available: May 09, 2026 - 02:16 (EUVD)
Analysis Generated: May 09, 2026 - 01:32 (vuln.today)
CVE Published: May 09, 2026 - 00:43 (nvd), MEDIUM 5.9

Description (NVD)

A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.

Analysis (AI)

PgBouncer before version 1.25.2 crashes when a backend PostgreSQL server sends an error response lacking an SQLSTATE field, enabling denial of service against connection pooling infrastructure. The vulnerability requires an attacker to control or compromise a PostgreSQL backend server or intercept server responses on the network, making exploitation conditional on non-default network topology or server compromise. …
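
The failure mode described above, as an added example (not PgBouncer's code and not taken from the advisory): a C parser for the ErrorResponse field list that reports a missing SQLSTATE ('C') field as an explicit error instead of dereferencing a NULL pointer. The function names and the sample message bodies are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ErrorResponse body (PostgreSQL protocol v3): repeated
 * [1-byte field type][NUL-terminated string], closed by a single 0 byte.
 * Returns the field's value, or NULL if absent or malformed. */
static const char *error_field(const unsigned char *body, size_t len, char type)
{
    size_t i = 0;
    while (i < len && body[i] != 0) {
        char t = (char)body[i++];
        const unsigned char *end = memchr(body + i, 0, len - i);
        if (end == NULL)
            return NULL;                 /* unterminated value */
        if (t == type)
            return (const char *)(body + i);
        i = (size_t)(end - body) + 1;    /* skip to next field */
    }
    return NULL;                         /* field not present */
}

/* Copies the 5-character SQLSTATE into out. Returns 0 on success, -1 (and an
 * empty string) when the server omitted field 'C' or sent a wrong length.
 * Using the pointer without the NULL check is the CWE-476 pattern. */
static int copy_sqlstate(const unsigned char *body, size_t len, char out[6])
{
    const char *state = error_field(body, len, 'C');
    out[0] = '\0';
    if (state == NULL || strlen(state) != 5)
        return -1;
    memcpy(out, state, 6);
    return 0;
}

/* Constructed sample bodies; the literal's implicit NUL is the terminator. */
static const unsigned char WITH_STATE[] = "SERROR\0C28P01\0Mauth failed\0";
static const unsigned char NO_STATE[]   = "SERROR\0Mno sqlstate\0";

int main(void)
{
    char st[6];
    printf("%d %s\n", copy_sqlstate(WITH_STATE, sizeof WITH_STATE, st), st);
    printf("%d [%s]\n", copy_sqlstate(NO_STATE, sizeof NO_STATE, st), st);
    return 0;
}
```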
