## PgBouncer CVE-2026-6664: Unauthenticated Remote Crash via Integer Overflow in SCRAM Parsing
A high-severity integer overflow vulnerability in PgBouncer enables unauthenticated remote attackers to crash the PostgreSQL connection pooler by exploiting a flaw in SCRAM authentication packet parsing. Tracked as CVE-2026-6664 with a CVSS score of 7.5, the vulnerability affects all PgBouncer versions prior to 1.25.2 and requires no credentials to exploit—only network access to the target instance.

The flaw resides in network packet parsing code where an integer overflow bypasses a critical boundary check. When PgBouncer processes a malformed SCRAM authentication packet, the overflow circumvents validation logic that would normally prevent the malformed data from triggering a crash. This allows an attacker to send a single crafted packet and force the pooler to terminate, disrupting all database connections routing through it. The attack surface is particularly concerning because SCRAM authentication is designed to enhance security, yet here the authentication mechanism itself becomes the vector for denial-of-service.
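
As an added illustration of the bug class described above (this is not PgBouncer's code, and the page does not give the actual vulnerable routine), the C snippet below contrasts a length-prefixed field parser whose bounds check can be bypassed by a wrapped length value with a form that cannot wrap. The packet layout, the function names and the constructed `kOverflowPacket` sample are assumptions for the example only.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical parser for a length-prefixed field (4-byte big-endian length,
 * then payload). Illustrates the bug class only; not PgBouncer's code. */
static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Vulnerable form: the length is held in a signed int and added to the cursor
 * before the comparison, so a huge length wraps negative and "pos + len > total"
 * is false even though len is far beyond the end of the buffer. */
int parse_field_vulnerable(const uint8_t *buf, size_t total, size_t pos,
                           const uint8_t **field, int *field_len) {
    if (pos + 4 > total) return -1;
    int len = (int)read_be32(buf + pos);        /* 0xFFFFFFF0 becomes -16 */
    pos += 4;
    if ((int)pos + len > (int)total) return -1; /* 4 + (-16) = -12 > 8 is false */
    *field = buf + pos;
    *field_len = len;                           /* negative length escapes to caller */
    return 0;
}

/* Hardened form: keep the length unsigned and compare it against the bytes
 * remaining after the header. The remainder is computed by subtraction on a
 * value already known to be in range, so nothing can wrap. */
int parse_field_hardened(const uint8_t *buf, size_t total, size_t pos,
                         const uint8_t **field, uint32_t *field_len) {
    if (total < pos || total - pos < 4) return -1;
    uint32_t len = read_be32(buf + pos);
    pos += 4;
    if (len > total - pos) return -1;           /* total >= pos holds here */
    *field = buf + pos;
    *field_len = len;
    return 0;
}

/* Constructed sample: length field 0xFFFFFFF0 followed by 4 payload bytes. */
static const uint8_t kOverflowPacket[8] = {0xFF, 0xFF, 0xFF, 0xF0, 'S', 'C', 'R', 'M'};

int main(void) {
    const uint8_t *field; int slen = 0; uint32_t ulen = 0;
    int v = parse_field_vulnerable(kOverflowPacket, sizeof kOverflowPacket, 0, &field, &slen);
    int h = parse_field_hardened(kOverflowPacket, sizeof kOverflowPacket, 0, &field, &ulen);
    printf("vulnerable: rc=%d len=%d\nhardened:   rc=%d\n", v, slen, h);
    return 0;
}
```

The vulnerable parser accepts the sample and hands back a negative length, while the hardened parser rejects it; both accept a well-formed field.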

Organizations running PgBouncer instances exposed to untrusted networks face immediate risk. As a connection pooler, PgBouncer typically sits at a critical infrastructure chokepoint, managing thousands of persistent connections between applications and PostgreSQL databases. A crash doesn't merely restart a service—it severs active application-to-database connectivity, potentially cascading into broader service outages. The fix requires upgrading to PgBouncer 1.25.2 or later. Infrastructure teams should audit deployment architectures for PgBouncer instances accessible from external networks and prioritize patching, particularly in environments where the pooler handles production database traffic.

---
- **Source**: Mastodon:mastodon.social:#infosec
- **Sector**: The Lab
- **Tags**: CVE-2026-6664, PgBouncer, integer overflow, SCRAM authentication, denial of service
- **Credibility**: unverified
- **Published**: 2026-05-09 07:31:49
- **ID**: 81041
- **URL**: https://whisperx.ai/en/intel/81041