Description
A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.
Published: 2026-05-09
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a null pointer dereference that occurs in PgBouncer’s "kill_pool_logins_server_error" routine when a server returns an error response lacking an SQLSTATE field. This flaw can terminate the PgBouncer process, causing a denial of service. The weakness is classified as CWE‑476, indicating an improper null dereference. The impact is limited to availability disruption; confidentiality or integrity is not compromised.

Affected Systems

The affected product is PgBouncer, as identified by the CNA. Versions prior to 1.25.2 are vulnerable. Affected users running any 1.24.x, 1.25.x, or older releases should verify their current version.

Risk and Exploitability

With a CVSS score of 5.9, the vulnerability carries a moderate severity rating. EPSS data are not available, and the flaw is not listed in the CISA KEV catalog. The likely attack vector involves a server intentionally or unintentionally sending an error response without an SQLSTATE field, which is plausible in a misconfigured or faulty backend. Because the flaw only leads to a crash, it does not provide code execution or data exfiltration, but it can still disrupt service continuity for all connected clients.

Generated by OpenCVE AI on May 9, 2026 at 03:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade PgBouncer to version 1.25.2 or later, the first release that addresses the crash vulnerability.
  • Ensure backend servers are configured to include SQLSTATE in error responses to avoid the null dereference scenario.
  • Implement process monitoring to automatically restart PgBouncer if a crash occurs, providing rapid restoration of service.

Generated by OpenCVE AI on May 9, 2026 at 03:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 09 May 2026 03:15:00 +0000

Type Values Removed Values Added
First Time appeared Pgbouncer
Pgbouncer pgbouncer
Vendors & Products Pgbouncer
Pgbouncer pgbouncer

Sat, 09 May 2026 01:15:00 +0000

Type Values Removed Values Added
Description A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.
Title PgBouncer crash in kill_pool_logins_server_error
Weaknesses CWE-476
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Pgbouncer Pgbouncer
cve-icon MITRE

Status: PUBLISHED

Assigner: PostgreSQL

Published:

Updated: 2026-05-09T00:43:49.952Z

Reserved: 2026-04-20T12:25:44.609Z

Link: CVE-2026-6666

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-09T01:16:09.153

Modified: 2026-05-09T01:16:09.153

Link: CVE-2026-6666

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-09T04:00:14Z

Weaknesses