{"uuid": "405e9c1b-50d6-4daa-9330-afba6bf20f14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6664", "type": "seen", "source": "https://bsky.app/profile/pgexperts.bsky.social/post/3mmpk2g736r2r", "content": "PgBouncer 1.25.2 fixes CVE-2026-6664: pre-auth integer overflow in the SCRAM packet parser. CVSS 7.5, DoS only, but unauthenticated and network-reachable.\n\nThe vendor workaround is \"don't use SCRAM,\" which isn't a workaround. Patch.\n\nwww.pgbouncer.org/changelog.html\n\npgexperts.com", "creation_timestamp": "2026-05-25T22:36:01.873223Z"}