CVE-2026-48773
published 2026-06-19


Priority: P2 62 · Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.36% (27.7th percentile)
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authentication heap memory corruption vulnerability in the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can declare an oversized first packet length, and ProxySQL passes that attacker-controlled length directly to `recv()` while writing into a fixed 32 KB input queue. Version 3.0.9 patches the issue.

Affected (1 range)

Vendor: sysown · Product: proxysql · Version range: 2.0.18 through 3.0.8 · Fixed in: 3.0.9

Detection & IOCs (extracted from sources)

  • The vulnerability is exploitable pre-authentication on the MySQL and PostgreSQL protocol first-read paths; monitor for unauthenticated connections sending oversized first-packet length values to ProxySQL listener ports.
  • Affected versions are ProxySQL 2.0.18 through 3.0.8; detect the presence of these versions in the environment as a risk indicator.
  • The vulnerability allows arbitrary code execution via heap memory corruption; alert on unexpected process spawning or crashes originating from the proxysql process.
  • The fixed version is 3.0.9; any ProxySQL deployment running versions 2.0.18 through 3.0.8 is vulnerable and should be upgraded immediately.
  • Both the MySQL and PostgreSQL protocol listeners in ProxySQL are affected; the vulnerability exists in both first-read paths, so all listener interfaces must be considered exposed.
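The description and the first detection note both come down to one observable: the length field of the very first client packet, compared against the fixed 32 KB input queue the advisory names. The following is an added example, not code from the advisory or from the ProxySQL project. It parses the public MySQL packet header (3-byte little-endian payload length plus a sequence byte) and the public PostgreSQL startup message (4-byte big-endian length that includes itself) and flags a declared length that could not fit the queue. The 32 KB threshold is taken from the advisory text; the function names and all sample packets are constructed for this example.

```python
"""Added example: first-packet length check over captured client bytes.
Not ProxySQL code; layouts are the public MySQL/PostgreSQL wire formats."""
import struct
from typing import Optional

# Fixed input-queue size named in the advisory (assumption: the limit a
# defender would compare the declared length against).
INPUT_QUEUE_BYTES = 32 * 1024


def mysql_first_packet_length(data: bytes) -> Optional[int]:
    """MySQL packet header: 3-byte little-endian payload length, 1-byte sequence id."""
    if len(data) < 4:
        return None
    return int.from_bytes(data[:3], "little")


def postgres_startup_length(data: bytes) -> Optional[int]:
    """PostgreSQL startup message: signed 4-byte big-endian length including itself."""
    if len(data) < 4:
        return None
    return struct.unpack("!i", data[:4])[0]


def check_first_read(protocol: str, data: bytes, limit: int = INPUT_QUEUE_BYTES) -> dict:
    """Return a verdict on the first read: declared length and whether it exceeds the queue."""
    if protocol == "mysql":
        declared = mysql_first_packet_length(data)
    elif protocol == "postgresql":
        declared = postgres_startup_length(data)
    else:
        raise ValueError(f"unsupported protocol: {protocol}")
    if declared is None:
        return {"protocol": protocol, "declared": None, "suspicious": False, "reason": "short read"}
    # A negative value can only come from a signed PostgreSQL length field;
    # treat it like an oversized one, since it cannot describe a real message.
    suspicious = declared < 0 or declared > limit
    return {
        "protocol": protocol,
        "declared": declared,
        "suspicious": suspicious,
        "reason": "declared length exceeds input queue" if suspicious else "ok",
    }


# --- constructed sample packets (hypothetical, for the detector only) ---
def mysql_header(payload_len: int, seq: int = 1) -> bytes:
    return payload_len.to_bytes(3, "little") + bytes([seq])


def pg_startup(body: bytes) -> bytes:
    return struct.pack("!i", 4 + len(body)) + body


NORMAL_MYSQL = mysql_header(120) + b"\x00" * 120          # plausible handshake-response size
OVERSIZED_MYSQL = mysql_header(0xFFFFFF)                   # max 3-byte length, far above 32 KB
NORMAL_PG = pg_startup(struct.pack("!i", 196608) + b"user\x00app\x00\x00")  # protocol 3.0
OVERSIZED_PG = struct.pack("!i", 0x7FFFFFFF)               # absurd startup length


def scan_samples() -> list:
    """Run the check over the constructed samples; returns one verdict per sample."""
    return [
        check_first_read("mysql", NORMAL_MYSQL),
        check_first_read("mysql", OVERSIZED_MYSQL),
        check_first_read("postgresql", NORMAL_PG),
        check_first_read("postgresql", OVERSIZED_PG),
    ]


if __name__ == "__main__":
    for verdict in scan_samples():
        print(verdict)
```

In a sensor this check would run on the first bytes read from each new client socket toward a ProxySQL listener port, before any authentication exchange, which is exactly the window the advisory describes; the version-based indicator in the notes above remains the more reliable signal, since a benign client never needs a first packet larger than the queue but an upgraded instance is not exposed at all.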