CVE-2026-6664
Published 2026-05-09
Priority: P1 (80, high)
CVSS 3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploited in the wild (VulnCheck KEV)
EPSS: 0.70% (48.4th percentile)
An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pgbouncer | pgbouncer | < 1.25.2 | 1.25.2 |
Detection & IOCs (extracted from sources)
- Target service is PgBouncer; the attack vector is a malformed SCRAM authentication packet sent during the authentication phase, exploiting an integer overflow in network packet parsing code to bypass a boundary check and crash the process.
- No authentication is required to trigger the crash: monitor for unauthenticated connections to PgBouncer that send malformed or unexpected data during the SCRAM authentication handshake.
- Only PgBouncer versions before 1.25.2 are vulnerable; upgrade to 1.25.2 or later to remediate.
- The vulnerability is in the SCRAM authentication packet parsing path; deployments using SCRAM authentication are directly exposed to unauthenticated exploitation.
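The bullets above name the packet path but not the field that overflows, so what follows is an added illustration of the bug class, not PgBouncer's own parser: a minimal reader for the PostgreSQL-protocol SASLInitialResponse message (the client packet that opens a SCRAM-SHA-256 handshake) with its length check written in the wrapping form and in a form that cannot wrap. The function names (frame_body, parse_sasl_init, build_packet, run_case), the 0xFFFFFFF0 length and the client-first-message string are all constructed for the example; only the wire layout (type byte, int32 length, mechanism name, int32 response length with -1 meaning none, response bytes) is the protocol's.

```c
/* Added example for CVE-2026-6664's bug class (CWE-190). Not PgBouncer code.
 * Wire layout of a PostgreSQL SASLInitialResponse (client -> server):
 *   'p'      1 byte   message type
 *   int32    4 bytes  message length, counts itself, excludes the type byte
 *   String   NUL-terminated SASL mechanism, e.g. "SCRAM-SHA-256"
 *   int32    4 bytes  length of the initial client response, or -1 for none
 *   bytes    the SCRAM client-first-message                                 */
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum parse_result { PARSE_OK = 0, PARSE_REJECT = 1, PARSE_OOB_READ = 2 };

struct sasl_init {
    const char *mechanism;      /* NUL-terminated name inside the packet      */
    const uint8_t *response;    /* client-first-message, NULL if absent (-1) */
    uint32_t response_len;
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Framing shared by both variants; returns the body or NULL on a mismatch. */
static const uint8_t *frame_body(const uint8_t *pkt, size_t pktlen, uint32_t *bodylen) {
    if (pktlen < 5 || pkt[0] != 'p') return NULL;
    uint32_t msglen = be32(pkt + 1);
    if (msglen < 4 || (size_t)msglen != pktlen - 1) return NULL;
    *bodylen = msglen - 4;
    return pkt + 5;
}

static enum parse_result parse_sasl_init(const uint8_t *pkt, size_t pktlen,
                                         struct sasl_init *out, int hardened) {
    uint32_t total, pos, len;
    const uint8_t *body = frame_body(pkt, pktlen, &total);
    if (body == NULL) return PARSE_REJECT;

    const uint8_t *nul = memchr(body, 0, total);
    if (nul == NULL) return PARSE_REJECT;
    pos = (uint32_t)(nul - body) + 1;            /* just past the mechanism NUL  */
    if (total - pos < 4) return PARSE_REJECT;    /* pos <= total, cannot wrap    */
    len = be32(body + pos);
    pos += 4;
    out->mechanism = (const char *)body;

    if (hardened) {
        if (len == 0xFFFFFFFFu) {                /* protocol -1: no initial response */
            out->response = NULL;
            out->response_len = 0;
        } else if (len > total - pos) {          /* compare with the exact remainder */
            return PARSE_REJECT;
        } else {
            out->response = body + pos;
            out->response_len = len;
        }
        return PARSE_OK;
    }

    /* Vulnerable form: pos + len wraps in 32-bit arithmetic when len is near
     * UINT32_MAX, so an attacker-chosen length passes the check and the copy
     * that follows would run off the packet. The demo reports instead of reading. */
    if (pos + len > total) return PARSE_REJECT;
    if (len > total - pos) return PARSE_OOB_READ;   /* demo-only guard */
    out->response = body + pos;
    out->response_len = len;
    return PARSE_OK;
}

/* Constructed packet builder: the declared response length is a free parameter
 * so it can disagree with the bytes actually present. */
static uint8_t g_pkt[128];
static size_t build_packet(const char *mech, uint32_t len_field,
                           const uint8_t *data, uint32_t datalen) {
    size_t mlen = strlen(mech) + 1, p = 5;
    uint32_t msglen = (uint32_t)(4 + mlen + 4 + datalen);
    g_pkt[0] = 'p';
    g_pkt[1] = (uint8_t)(msglen >> 24); g_pkt[2] = (uint8_t)(msglen >> 16);
    g_pkt[3] = (uint8_t)(msglen >> 8);  g_pkt[4] = (uint8_t)msglen;
    memcpy(g_pkt + p, mech, mlen); p += mlen;
    g_pkt[p++] = (uint8_t)(len_field >> 24); g_pkt[p++] = (uint8_t)(len_field >> 16);
    g_pkt[p++] = (uint8_t)(len_field >> 8);  g_pkt[p++] = (uint8_t)len_field;
    if (datalen) memcpy(g_pkt + p, data, datalen);
    return p + datalen;
}

/* Constructed SCRAM client-first-message (not a real capture). */
static const uint8_t CLIENT_FIRST[] = "n,,n=app,r=nonce0123456789abcdefgh";
#define CLIENT_FIRST_LEN ((uint32_t)sizeof(CLIENT_FIRST) - 1)

static enum parse_result run_case(uint32_t len_field, const uint8_t *data,
                                  uint32_t datalen, int hardened, struct sasl_init *out) {
    size_t n = build_packet("SCRAM-SHA-256", len_field, data, datalen);
    memset(out, 0, sizeof *out);
    return parse_sasl_init(g_pkt, n, out, hardened);
}

int main(void) {
    struct sasl_init s;
    printf("benign packet, vulnerable check:   %d\n", run_case(CLIENT_FIRST_LEN, CLIENT_FIRST, CLIENT_FIRST_LEN, 0, &s));
    printf("benign packet, hardened check:     %d\n", run_case(CLIENT_FIRST_LEN, CLIENT_FIRST, CLIENT_FIRST_LEN, 1, &s));
    printf("len=0xFFFFFFF0, vulnerable check:  %d\n", run_case(0xFFFFFFF0u, NULL, 0, 0, &s));
    printf("len=0xFFFFFFF0, hardened check:    %d\n", run_case(0xFFFFFFF0u, NULL, 0, 1, &s));
    return 0;
}
```

Any C99 compiler builds it. The point generalises beyond SCRAM to every length-prefixed field in the protocol: compare the declared length against the bytes actually remaining (total - pos) instead of adding it to an offset, and handle the protocol's -1 sentinel explicitly rather than letting it wrap into a "small" value that passes the check.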
CVSS provenance
- NVD (CVSS v3.1): 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- VulnCheck: 7.5 HIGH
VulDB
PgBouncer up to 1.25.1 Network Packet integer overflow (Nessus ID 313599)
vuldb · 2026-05-10 · CVSS 7.5 · CVE-2026-6664 [HIGH]
A vulnerability marked as problematic has been reported in PgBouncer up to 1.25.1. This affects an unknown function of the component Network Packet Handler. This manipulation causes integer overflow.
The identification of this vulnerability is CVE-2026-6664. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.
GHSA
GHSA-pmgp-q838-fh9g (CWE-190)
ghsa_unreviewed · 2026-05-09 · CVE-2026-6664 [HIGH]
An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.
VulnCheck
pgbouncer pgbouncer Integer Overflow or Wraparound
vulncheck · 2026 · CVSS 7.5 · CVE-2026-6664 [HIGH]
An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.
Affected: PgBouncer (pgbouncer)
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://ccb.belgium.be/advisories/warning-actively-exploited-integer-overflow-pgbouncer-patch-immediately
No detection rules found.
Rapid7
Patch Tuesday - May 2026
blogs_rapid7 · 2026-05-13 · CVSS 10.0 · CVE-2026-41089 [CRITICAL]
Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the Patch Tuesday count above.
## Windows Netlogon: critical RCE
Anyone responsible for securing a domain controller should prioritize remediation of CVE-2026-41089, which is a critical stack-based buffer overflow in Windows Netlogon with a CVSS v3 base score of 9.8. Exploitation leads to execution in the context of the Netlogon service, so that's SYSTEM privileges on the domain controller. For most pentesters, that's the point at which the customer report more or less writes itself. No privileges
Bugzilla
CVE-2026-6664 pgbouncer: PgBouncer: Denial of Service via malformed SCRAM authentication packet [fedora-all]
bugzilla · 2026-05-15 · CVSS 7.5 · CVE-2026-6664 [HIGH]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-6664 pgbouncer: PgBouncer: Denial of Service via malformed SCRAM authentication packet [epel-all]
bugzilla · 2026-05-15 · CVSS 7.5 · CVE-2026-6664 [HIGH]
Bugzilla
CVE-2026-6664 PgBouncer: PgBouncer: Denial of Service via malformed SCRAM authentication packet
bugzilla · 2026-05-09 · CVSS 7.5 · CVE-2026-6664 [HIGH]
An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.