CRITICAL
ProxySQL
CVE published 2026-06-19
CVE-2026-48773
CVE-2026-48773 is a critical pre-authentication heap memory corruption vulnerability in ProxySQL, a popular proxy for MySQL and PostgreSQL. The issue affects versions 2.0.18 through 3.0.8. An unauthenticated remote client can exploit this vulnerability by declaring an oversized first packet length, causing ProxySQL to pass the attacker-controlled length directly to `recv()` while writing into a fixed 32 K [truncated]