Known Vulnerabilities for products from Pgbouncer
Listed below are 8 of the newest known vulnerabilities associated with the vendor "Pgbouncer".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-6667 | PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with ... | Not Provided | 2026-05-09 | 2026-05-14 |
| CVE-2026-6666 | A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response witho... | Not Provided | 2026-05-09 | 2026-05-14 |
| CVE-2026-6665 | The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of... | Not Provided | 2026-05-09 | 2026-05-14 |
| CVE-2026-6664 | An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a cra... | Not Provided | 2026-05-09 | 2026-05-14 |
| CVE-2021-3935 | When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when... | 8.1 - HIGH | 2021-11-22 | 2023-11-07 |
| CVE-2021-3672 | A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers... | 5.6 - MEDIUM | 2021-11-23 | 2024-01-05 |
| CVE-2015-6817 | PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via a... | Not Provided | 2017-05-23 | 2025-04-20 |
| CVE-2015-4054 | PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a... | Not Provided | 2017-05-23 | 2025-04-20 |
Known software with vulnerabilities from Pgbouncer
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Pgbouncer | Pgbouncer | 1.0 |