CVE-2026-54291
Awaiting Analysis Awaiting Analysis - Queue

Channel Binding Bypass in pgjdbc JDBC Driver

Vulnerability report for CVE-2026-54291, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: GitHub, Inc.

Description

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the man-in-the-middle protection the setting is meant to guarantee. An attacker who can intercept the TLS connection can trigger the downgrade with a certificate whose signature algorithm has no tls-server-end-point channel-binding hash, because the bundled com.ongres.scram:scram-client returns an empty byte array instead of failing and pgJDBC ScramAuthenticator checks only that the server advertised a PLUS mechanism, without rejecting the empty binding or checking that the negotiated mechanism uses channel binding. This issue is fixed in version 42.7.12.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-06
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
postgresql pgjdbc From 42.7.4 (inc) to 42.7.11 (inc)
postgresql pgjdbc 42.7.12
pgjdbc pgjdbc From 42.7.4 (inc) to 42.7.11 (inc)
pgjdbc pgjdbc 42.7.12
com.ongres.scram scram-client 3.3

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-636 When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.
CWE-757 A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-54291 is a high-severity vulnerability in the PostgreSQL JDBC driver (pgJDBC) versions 42.7.4 through 42.7.11. It involves a silent downgrade of channel-binding authentication from SCRAM-SHA-256-PLUS, which provides protection against man-in-the-middle attacks, to plain SCRAM-SHA-256, which lacks this protection.

This downgrade happens when the server certificate uses unsupported signature algorithms such as Ed25519, Ed448, or post-quantum algorithms. The scram-client library returns an empty byte array instead of failing when it cannot derive the channel-binding hash, and pgJDBC does not properly enforce channel-binding requirements, allowing the downgrade to occur silently.

An attacker who can intercept the TLS connection can exploit this to bypass the intended man-in-the-middle protection guaranteed by the channelBinding=require setting.

The issue is fixed in pgJDBC version 42.7.12, which enforces strict channel-binding checks and fails the connection if a valid channel-binding hash cannot be derived.

Compliance Impact

This vulnerability allows a silent downgrade of channel-binding authentication from SCRAM-SHA-256-PLUS, which provides man-in-the-middle protection, to plain SCRAM-SHA-256 without such protection. This weakening of authentication security could potentially expose sensitive data to interception during TLS connections.

Since standards and regulations like GDPR and HIPAA require strong protections for data in transit to prevent unauthorized access and ensure data integrity and confidentiality, this vulnerability may undermine compliance by allowing attackers to bypass intended security guarantees.

The vulnerability affects only connections explicitly configured with channelBinding=require, and no workarounds exist other than upgrading to a fixed version or verifying server certificates at the TLS layer.

Therefore, failure to address this vulnerability could lead to non-compliance with security requirements in these regulations due to weakened protection against man-in-the-middle attacks.

Impact Analysis

This vulnerability can impact you by allowing an attacker positioned as a man-in-the-middle to downgrade your secure authentication mechanism from SCRAM-SHA-256-PLUS to plain SCRAM-SHA-256.

As a result, the connection loses the protection against man-in-the-middle attacks that channel binding is supposed to provide, potentially exposing sensitive authentication credentials.

This could lead to unauthorized access or interception of data during authentication, compromising the security of your PostgreSQL database connections.

The vulnerability only affects connections explicitly configured with channelBinding=require, and no workarounds exist other than upgrading to pgJDBC version 42.7.12 or later.

As a temporary mitigation, users can enforce strict server certificate verification at the TLS layer by setting sslmode=verify-full with a truststore containing only the server's CA.

Detection Guidance

This vulnerability involves a silent downgrade of channel-binding authentication from SCRAM-SHA-256-PLUS to plain SCRAM-SHA-256 when the server certificate uses unsupported signature algorithms such as Ed25519 or Ed448.

Detection involves verifying whether your PostgreSQL JDBC driver (pgJDBC) connections configured with channelBinding=require are actually negotiating SCRAM-SHA-256-PLUS mechanisms or silently falling back to plain SCRAM-SHA-256.

Since the downgrade is silent, direct network detection is difficult without inspecting the authentication mechanism negotiation in the PostgreSQL protocol.

A practical approach is to check the pgJDBC driver version in use and the TLS server certificate signature algorithm.

  • Check pgJDBC driver version: Ensure it is 42.7.12 or later to have the fix.
  • Inspect the server certificate signature algorithm to see if it uses unsupported algorithms like Ed25519 or Ed448.
  • Enable detailed logging on the client side to capture authentication negotiation details.

Suggested commands include:

  • Use `openssl s_client -connect <server>:<port> -showcerts` to inspect the server certificate and its signature algorithm.
  • Check the pgJDBC driver version in your application dependencies or logs.
  • Enable verbose logging in your Java application or PostgreSQL server to monitor SCRAM authentication mechanisms negotiated.
Mitigation Strategies

The primary and recommended mitigation is to upgrade the pgJDBC driver to version 42.7.12 or later, where the vulnerability is fixed.

In the fixed version, the driver enforces strict channel-binding requirements and will fail connections if the server certificate does not support channel binding, preventing silent downgrades.

If upgrading immediately is not possible, a temporary measure is to enforce strict TLS verification by setting sslmode=verify-full and using a truststore that contains only the server's CA certificate.

This ensures that the TLS connection is properly verified and reduces the risk of man-in-the-middle attacks exploiting the downgrade.

No other workarounds exist for affected releases besides upgrading.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54291. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart