CVE-2026-48773
Published 2026-06-19
Priority P262 · critical · CVSS 3.1 base score 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.36% (27.7th percentile)
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authentication heap memory corruption vulnerability in the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can declare an oversized first packet length, and ProxySQL passes that attacker-controlled length directly to `recv()` while writing into a fixed 32 KB input queue. Version 3.0.9 patches the issue.
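The pattern the description names, an attacker-controlled length handed to `recv()` while the destination is a fixed 32 KB queue, is shown below in a self-contained C example written for this page. It is not ProxySQL source and makes no claim about how 3.0.9 fixes the issue; the header layouts are the public MySQL (3-byte little-endian payload length plus sequence id) and PostgreSQL StartupMessage (4-byte big-endian length including itself) formats, the `fake_sock` stream stands in for a socket so the code runs offline, and the sample byte streams are constructed. The same header decoding is what a monitor looking for oversized declared first-packet lengths would use.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Capacity of the fixed per-connection input queue the advisory describes (32 KB). */
#define INPUT_QUEUE_CAP (32 * 1024)

/* MySQL packet header: 3-byte little-endian payload length + 1-byte sequence id. */
#define MYSQL_HDR_LEN 4
/* PostgreSQL StartupMessage: 4-byte big-endian length that includes the length field itself. */
#define PG_HDR_LEN 4

/* Declared payload length from a MySQL packet header; -1 if the header is incomplete. */
long mysql_declared_len(const uint8_t *hdr, size_t n) {
    if (n < MYSQL_HDR_LEN) return -1;
    return (long)hdr[0] | ((long)hdr[1] << 8) | ((long)hdr[2] << 16);
}

/* Declared message length from a PostgreSQL startup header; -1 if incomplete. */
long pg_declared_len(const uint8_t *hdr, size_t n) {
    if (n < PG_HDR_LEN) return -1;
    uint32_t v = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
                 ((uint32_t)hdr[2] << 8) | (uint32_t)hdr[3];
    return (long)v;
}

/*
 * The unsafe shape the advisory describes (paraphrased, not ProxySQL source):
 *     recv(fd, queue + used, declared, 0);   // declared is attacker-controlled
 * If declared exceeds the room left in the fixed queue, recv() writes past it.
 *
 * Hardened policy (one reasonable choice, not the upstream fix): the declared
 * length must fit in the remaining queue space, otherwise the client is
 * rejected. Returns the byte count to request from the socket, or -1.
 */
long bounded_read_len(long declared, size_t used, size_t cap) {
    if (declared < 0 || used > cap) return -1;
    size_t room = cap - used;
    if ((size_t)declared > room) return -1;
    return declared;
}

/* Constructed in-memory byte stream standing in for a socket, so the example runs offline. */
typedef struct { const uint8_t *data; size_t len; size_t pos; } fake_sock;

static size_t fake_recv(fake_sock *s, uint8_t *dst, size_t want) {
    size_t avail = s->len - s->pos;
    size_t n = want < avail ? want : avail;
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return n;
}

/* Hardened first read for a MySQL-protocol client: header, bound check, then payload.
 * Returns total bytes placed in the queue, or -1 if the client is rejected. */
long mysql_first_read(fake_sock *s, uint8_t *queue, size_t cap) {
    if (cap < MYSQL_HDR_LEN) return -1;
    if (fake_recv(s, queue, MYSQL_HDR_LEN) != MYSQL_HDR_LEN) return -1;
    long want = bounded_read_len(mysql_declared_len(queue, MYSQL_HDR_LEN), MYSQL_HDR_LEN, cap);
    if (want < 0) return -1;
    size_t got = fake_recv(s, queue + MYSQL_HDR_LEN, (size_t)want);
    return (long)(MYSQL_HDR_LEN + got);
}

/* Constructed sample: a well-formed 5-byte payload with sequence id 1. */
long demo_first_read_ok(void) {
    static const uint8_t stream[] = {0x05, 0x00, 0x00, 0x01, 'h', 'e', 'l', 'l', 'o'};
    uint8_t queue[INPUT_QUEUE_CAP];
    fake_sock s = {stream, sizeof stream, 0};
    return mysql_first_read(&s, queue, sizeof queue);
}

/* Constructed sample: header declaring the maximum 3-byte length (16 MB), far beyond the queue. */
long demo_first_read_oversized(void) {
    static const uint8_t stream[] = {0xFF, 0xFF, 0xFF, 0x01, 'x'};
    uint8_t queue[INPUT_QUEUE_CAP];
    fake_sock s = {stream, sizeof stream, 0};
    return mysql_first_read(&s, queue, sizeof queue);
}

int main(void) {
    printf("well-formed first packet: %ld bytes queued\n", demo_first_read_ok());
    printf("oversized first packet: %ld (rejected)\n", demo_first_read_oversized());
    return 0;
}
```

The decisive line is the comparison in `bounded_read_len`: the length the client declares is only ever used to size the read after it has been checked against the space actually left in the queue. Rejecting rather than clamping is chosen here because a legitimate first packet on either protocol is small, so a declared length anywhere near the queue capacity is itself worth logging.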
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sysown | proxysql | 2.0.18 through 3.0.8 | 3.0.9 |
Detection & IOCs (extracted from sources)
- The vulnerability is exploitable pre-authentication on the MySQL and PostgreSQL protocol first-read paths; monitor for unauthenticated connections sending oversized first packet length values to ProxySQL listener ports.
- Affected versions are ProxySQL 2.0.18 through 3.0.8; detect the presence of these versions in the environment as a risk indicator.
- The vulnerability allows arbitrary code execution via heap memory corruption; alert on unexpected process spawning or crashes originating from the proxysql process.
- The fixed version is 3.0.9; any ProxySQL deployment running versions 2.0.18 through 3.0.8 is vulnerable and should be upgraded immediately.
- Both the MySQL and PostgreSQL protocol listeners in ProxySQL are affected; the vulnerability exists in both first-read paths, so all listener interfaces must be considered exposed.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-48773 proxysql: ProxySQL: Arbitrary code execution via pre-authentication heap memory corruption [fedora-all]
bugzilla · 2026-06-23 · CVSS 9.8 · [CRITICAL]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-48773 proxysql: ProxySQL: Arbitrary code execution via pre-authentication heap memory corruption
bugzilla · 2026-06-19 · CVSS 9.8 · [CRITICAL]
Published 2026-06-19