CVE-2026-6664

PgBouncer integer overflow in PgBouncer network packet parsing

CVSS 7.5 HIGHEPSS 0.7%CWE-190

Vexday Risk Score

41Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 7.5EPSS 0.7%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

09 May 2026Published on NVD

12 May 2026Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

n/a · PgBouncer

public PoCs found — 1

githubgithub.com/nicolasjulian/bouncer-overflow★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.pgbouncer.org/changelog.html#pgbouncer-125x