exploit-intel.com
Critical Integer Overflow Vulnerability in PgBouncer (CVE-2026-6664)
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A critical integer overflow vulnerability (CVE-2026-6664) has been identified in PgBouncer versions prior to 1.25.2. This flaw allows unauthenticated remote attackers to crash the service by sending a malformed SCRAM authentication packet. The vulnerability bypasses a boundary check in the network packet parsing code, specifically in the `mbuf_get_bytes()` function. A proof-of-concept exploit demonstrating this denial-of-service condition was released on May 13, 2026. Affected versions include all PgBouncer releases up to and including 1.25.1. System administrators are urged to upgrade to version 1.25.2 or later to mitigate this risk. The vulnerability was published on May 9, 2026, and poses a significant threat to systems using PgBouncer for connection pooling.
Key Points: • CVE-2026-6664 allows unauthenticated remote attackers to crash PgBouncer. • The vulnerability affects all versions of PgBouncer prior to 1.25.2. • A proof-of-concept exploit was made public on May 13, 2026.