ByteOS Network

CVE Vulnerability Details :

CVE-2026-6666

PUBLISHED

More Info Official Page

Assigner-PostgreSQL

Assigner Org ID-f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Published At-09 May, 2026 | 00:43

Updated At-09 May, 2026 | 00:43

▼CVE Numbering Authority (CNA)

PgBouncer crash in kill_pool_logins_server_error

A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.

Affected Products

Vendor

n/a

Product

PgBouncer

Default Status

unaffected

Versions

Affected

From 0 before 1.25.2 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-476	NULL Pointer Dereference

Type: CWE

CWE ID: CWE-476

Description: NULL Pointer Dereference

Metrics

Version	Base score	Base severity	Vector
3.1	5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Version: 3.1

Base score: 5.9

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Credits

finder

Thanks to HarutoKimura for finding and reporting this problem.

References

Hyperlink	Resource
https://www.pgbouncer.org/changelog.html#pgbouncer-125x	N/A

Hyperlink: https://www.pgbouncer.org/changelog.html#pgbouncer-125x

Resource: N/A

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References