CVE-2026-6666
Received
Received - Intake
Null Pointer Dereference in PgBouncer
Publication date: 2026-05-09
Last updated on: 2026-05-09
Assigner: PostgreSQL
Description
Description
A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pgbouncer | pgbouncer | to 1.25.2 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a possible null pointer reference in PgBouncer versions before 1.25.2. It occurs when a server sends an error response that lacks the SQLSTATE field, which can cause PgBouncer to crash.
How can this vulnerability impact me? :
The impact of this vulnerability is that PgBouncer may crash if it receives an error response without the SQLSTATE field. This can lead to denial of service, affecting the availability of the database connection pooling service.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70