PatchSiren

pgjdbc CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH pgjdbc CVE published 2026-04-29

CVE-2026-42198

CVE-2026-42198 is a high-severity vulnerability in the PostgreSQL JDBC Driver (pgjdbc): a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server, or anyone able to impersonate one, returns a SCRAM server-first message whose iteration count (the i= attribute) is very large, and the driver runs PBKDF2-HMAC-SHA-256 for that many rounds before the handshake can fail, so the attacker decides how much CPU time the client spends. The server proves its identity only after the client has finished that computation, so the practical defence is to bound the iteration count on the client side before PBKDF2 is invoked at all. This issue has been [truncated]
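The following is an added example, not code from pgjdbc or from the PatchSiren debrief: a minimal SCRAM-SHA-256 client that parses the server-first message and rejects an out-of-range iteration count before any PBKDF2 work happens, then completes the client proof and checks the server signature. The ceiling MAX_ITERATIONS, the ScramError type and the nonces and salts in the sample messages are assumptions constructed for illustration; only the exchange in the __main__ block is taken from the RFC 7677 example.

```python
"""Added example (not pgjdbc's code): SCRAM-SHA-256 client side with the
server-sent iteration count bounded before PBKDF2 runs. MAX_ITERATIONS and
the sample nonces/salts are constructed assumptions for this example."""
import base64
import hashlib
import hmac
import re

MIN_ITERATIONS = 4096        # RFC 7677 minimum recommendation for SCRAM-SHA-256
MAX_ITERATIONS = 1_000_000   # client-side ceiling: assumed value, not a pgjdbc setting


class ScramError(ValueError):
    """Raised for any malformed or unacceptable server message (assumed type)."""


def parse_server_first(msg, client_nonce):
    """Parse 'r=<nonce>,s=<base64 salt>,i=<count>' and bound-check i
    before any expensive work is done. Returns (nonce, salt, iterations)."""
    attrs = {}
    for part in msg.split(","):
        if len(part) < 2 or part[1] != "=":
            raise ScramError("malformed attribute: %r" % part)
        attrs[part[0]] = part[2:]
    if "e" in attrs:
        raise ScramError("server error: " + attrs["e"])
    missing = [k for k in ("r", "s", "i") if k not in attrs]
    if missing:
        raise ScramError("missing attributes: " + ",".join(missing))
    nonce = attrs["r"]
    # RFC 5802: the server nonce must start with, and extend, the client nonce.
    if not nonce.startswith(client_nonce) or len(nonce) == len(client_nonce):
        raise ScramError("server nonce must extend the client nonce")
    # Plain ASCII decimal, at most 10 digits: anything else is rejected
    # before int() and long before PBKDF2.
    if not re.fullmatch(r"[0-9]{1,10}", attrs["i"]):
        raise ScramError("iteration count is not a plain decimal integer")
    iterations = int(attrs["i"])
    if not MIN_ITERATIONS <= iterations <= MAX_ITERATIONS:
        raise ScramError("iteration count %d outside [%d, %d]"
                         % (iterations, MIN_ITERATIONS, MAX_ITERATIONS))
    try:
        salt = base64.b64decode(attrs["s"], validate=True)
    except ValueError as exc:
        raise ScramError("bad salt encoding") from exc
    if not salt:
        raise ScramError("empty salt")
    return nonce, salt, iterations


def server_first_accepted(msg, client_nonce):
    """True if the server-first message passes validation, else False."""
    try:
        parse_server_first(msg, client_nonce)
        return True
    except ScramError:
        return False


def hi(password, salt, iterations):
    """Hi() from RFC 5802: PBKDF2-HMAC-SHA-256 with a 32-byte output."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def _h(data):
    return hashlib.sha256(data).digest()


def _hmac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def client_final(username, password, client_nonce, server_first):
    """Return (client-final-message, expected base64 server signature).
    PBKDF2 only runs once parse_server_first has accepted the iteration count."""
    nonce, salt, iterations = parse_server_first(server_first, client_nonce)
    salted = hi(password, salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    stored_key = _h(client_key)
    client_first_bare = "n=%s,r=%s" % (username, client_nonce)
    without_proof = "c=biws,r=%s" % nonce          # biws = base64("n,,"): no channel binding
    auth_message = ",".join((client_first_bare, server_first, without_proof)).encode()
    client_sig = _hmac(stored_key, auth_message)
    proof = base64.b64encode(_xor(client_key, client_sig)).decode()
    server_sig = _hmac(_hmac(salted, b"Server Key"), auth_message)
    return without_proof + ",p=" + proof, base64.b64encode(server_sig).decode()


def check_server_final(server_final, expected_sig):
    """Constant-time check of the server's 'v=' signature."""
    if not server_final.startswith("v="):
        return False
    return hmac.compare_digest(server_final[2:], expected_sig)


if __name__ == "__main__":
    # Exchange from RFC 7677 section 3 (user "user", password "pencil").
    cnonce = "rOprNGfwEbeRWgbNEkqO"
    sfirst = ("r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,"
              "s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096")
    cfinal, sig = client_final("user", "pencil", cnonce, sfirst)
    print("client-final:", cfinal)
    print("matches RFC 7677 vector:",
          cfinal.endswith("p=dHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ="))
    print("server signature accepted:",
          check_server_final("v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4=", sig))
    # A hostile server-first with i=2147483647 is refused without any PBKDF2 work.
    print("huge count accepted:", server_first_accepted(
        sfirst.replace("i=4096", "i=2147483647"), cnonce))
```

The order of checks is the point: the iteration count is validated as a bounded ASCII integer and compared against both limits before the salt is decoded and before hi() is called, so a hostile i= value costs the client one string comparison rather than seconds of PBKDF2. The ceiling itself is a policy choice; 1,000,000 is an assumption here, far above PostgreSQL's default of 4096 yet small enough that a single handshake stays cheap.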