HIGH
pgjdbc
CVE published 2026-04-29
CVE-2026-42198
CVE-2026-42198 is a high-severity vulnerability in the PostgreSQL JDBC Driver (pgjdbc) that allows for a client-side denial of service during SCRAM-SHA-256 authentication. A malicious server can instruct the driver to perform SCRAM authentication with a very large iteration count, causing the client to spend an unbounded amount of CPU time inside PBKDF2 before authentication can fail. This issue has been [truncated]
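The failure mode described above, as an added example that is not pgjdbc code and not the project's fix: a client parses the `i=` attribute of the SCRAM server-first-message and refuses an out-of-policy iteration count before any PBKDF2 work starts. The class name, method names, the `MAX_ITERATIONS` ceiling and the sample messages are assumptions made for illustration.

```java
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class ScramIterationGuard {
    // Assumed client-side policy ceiling; not a value taken from pgjdbc or the advisory.
    static final int MAX_ITERATIONS = 1_000_000;

    /** Returns the value of a one-letter attribute (e.g. "i", "s") from a server-first-message. */
    static String attribute(String serverFirst, String name) {
        for (String attr : serverFirst.split(",")) {
            if (attr.startsWith(name + "=")) {
                return attr.substring(name.length() + 1);
            }
        }
        throw new IllegalArgumentException("server-first-message has no " + name + "= attribute");
    }

    /** Parses i= and rejects malformed, non-positive or over-ceiling counts. */
    static int checkedIterations(String serverFirst) {
        int n;
        try {
            n = Integer.parseInt(attribute(serverFirst, "i"));
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("malformed iteration count", e);
        }
        if (n < 1 || n > MAX_ITERATIONS) {
            throw new IllegalArgumentException("iteration count " + n + " outside 1.." + MAX_ITERATIONS);
        }
        return n;
    }

    /** Derives SaltedPassword only after the server-supplied count passed the policy check. */
    static byte[] saltedPassword(char[] password, String serverFirst) throws Exception {
        int iterations = checkedIterations(serverFirst); // fail fast, before key stretching
        byte[] salt = Base64.getDecoder().decode(attribute(serverFirst, "s"));
        // SASLprep normalization of the password is omitted in this sketch.
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages; nonce and salt are placeholders.
        String normal = "r=clientnonceSERVERNONCE,s=QSXCR+Q6sek8bf92,i=4096";
        String hostile = "r=clientnonceSERVERNONCE,s=QSXCR+Q6sek8bf92,i=2147483647";
        System.out.println("derived bytes: " + saltedPassword("pencil".toCharArray(), normal).length);
        try {
            saltedPassword("pencil".toCharArray(), hostile);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Without the range check, the second message would send the client into PBKDF2 with the largest count a Java `int` can hold, which is the CPU exhaustion the description refers to.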