PatchSiren

PgBouncer CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM PgBouncer CVE published 2026-05-09

CVE-2026-6667

CVE-2026-6667 describes an authorization flaw in PgBouncer before 1.25.2 affecting the KILL_CLIENT admin command. According to the NVD record and the linked PgBouncer changelog, users who could access the administration console were able to run this command even though it should have been limited to users listed in admin_users. The issue is rated CVSS 4.3 (Medium) and is primarily an availability concern.

MEDIUM PgBouncer CVE published 2026-05-09

CVE-2026-6666

CVE-2026-6666 describes a crash risk in PgBouncer before 1.25.2 when a server sends an error response that does not include an SQLSTATE field. The issue is categorized as a null pointer dereference and is rated Medium severity (CVSS 5.9). The primary operational concern is availability: affected PgBouncer instances may terminate or become unstable after receiving the triggering error response.

HIGH PgBouncer CVE published 2026-05-09

CVE-2026-6665

CVE-2026-6665 is a high-severity PgBouncer issue in the SCRAM code path. According to the CVE description and PgBouncer changelog reference, versions before 1.25.2 did not correctly check the return value of strlcat() while building the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow.

HIGH PgBouncer CVE published 2026-05-09

CVE-2026-6664

CVE-2026-6664 is a high-severity availability issue in PgBouncer before 1.25.2. According to the NVD entry and the vendor changelog reference, an integer overflow in network packet parsing can bypass a boundary check, and an unauthenticated remote attacker can crash PgBouncer by sending a malformed SCRAM authentication packet.