Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-6667
Received
More InfoOfficial Page
Source-f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
View Known Exploited Vulnerability (KEV) details
Published At-09 May, 2026 | 01:16
Updated At-09 May, 2026 | 01:16

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization) could run this command. It would have been correct to allow only users listed in the admin_users parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-862Secondaryf86ef6dc-4d3a-42ad-8f28-e6d5547a5007
CWE ID: CWE-862
Type: Secondary
Source: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.pgbouncer.org/changelog.html#pgbouncer-125xf86ef6dc-4d3a-42ad-8f28-e6d5547a5007
N/A
Hyperlink: https://www.pgbouncer.org/changelog.html#pgbouncer-125x
Source: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
Resource: N/A
Change History
0Changes found
Details not found