CVE-2026-6665
High
Published: 09 May 2026
Modified: 09 May 2026
KEV Added: —
Patch: —
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (4.3th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2026-6665 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in PgBouncer (inferred from references). Its CVSS base score is 8.1 (High).
Operationally, it ranks at the 4.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
NVD Description
The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow.
Details
- CWE(s)
Affected Products
Pgbouncer
—
inferred from references and description; NVD did not file a CPE for this CVE
CVEs Like This One
CVE-2025-70219: Shared CWE-121
CVE-2026-29972: Shared CWE-121
CVE-2025-60690: Shared CWE-121
CVE-2026-4444: Shared CWE-121
CVE-2025-61128: Shared CWE-121
CVE-2019-25319: Shared CWE-121
CVE-2026-22923: Shared CWE-121
CVE-2025-69195: Shared CWE-121
CVE-2020-37124: Shared CWE-121
CVE-2026-22904: Shared CWE-121