Postgresql Jdbc Driver

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-49146 HIGH PATCH This Week

The PostgreSQL JDBC driver (pgjdbc) versions 42.7.4 through 42.7.6 contain an authentication bypass vulnerability where channel binding validation is incorrectly disabled, allowing man-in-the-middle attackers to intercept connections that administrators configured to require channel binding protection. Affected users running pgjdbc with channel binding set to 'required' (a non-default but security-conscious configuration) are vulnerable to credential interception and session hijacking despite believing their connections are protected. The vulnerability is fixed in version 42.7.7.

PostgreSQL Authentication Bypass Java Postgresql Jdbc Driver Redhat +1
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-49146
EPSS 0% CVSS 8.2
HIGH PATCH This Week

The PostgreSQL JDBC driver (pgjdbc) versions 42.7.4 through 42.7.6 contain an authentication bypass vulnerability where channel binding validation is incorrectly disabled, allowing man-in-the-middle attackers to intercept connections that administrators configured to require channel binding protection. Affected users running pgjdbc with channel binding set to 'required' (a non-default but security-conscious configuration) are vulnerable to credential interception and session hijacking despite believing their connections are protected. The vulnerability is fixed in version 42.7.7.

PostgreSQL Authentication Bypass Java +3
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy