Sysown Proxysql vulnerabilities
3 known vulnerabilities affecting sysown/proxysql.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1
Vulnerabilities
CVE-2026-48773 | P2 | CRITICAL | CVSS 9.8 | CWE-787 | versions >= 2.0.18, < 3.0.9 | 2026-06-19
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authentication heap memory corruption vulnerability in the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can declare an oversized first packet length, and ProxySQL passes that attacker-controlled length dir
Source: NVD
CVE-2026-48772 | P3 | CRITICAL | CVSS 10.0 | CWE-348 | versions >= 2.0.0, < 3.0.9 | 2026-06-19
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the `PROXY UNKNOWN \r\n` PP1 frame as a well-formed PROXY protocol header. The HAProxy PROXY protocol v1 specification says that when the protocol token is `UNKNOWN`, the receiver MUST ignore any address fields t
Source: NVD
CVE-2026-48774 | P3 | HIGH | CVSS 7.5 | CWE-20 | versions >= 3.0.6, < 3.0.9 | 2026-06-19
ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP `run_sql_readonly` tool violates its documented read-only contract for MySQL targets. The tool validates only the full input string with a substring blacklist and first-keyword allowlist, but then executes the entire SQL string on a
Source: NVD