Low severity2.4GHSA Advisory· Published Jun 18, 2026· Updated Jun 18, 2026

PGHoard: Password written to debug log

CVE-2026-54711

Description

Impact

When using .pgpass, database connection information including the username and password will be logged at the debug level.

Patches

Upgrade to version 2.7.1 or greater.

Workarounds

Filter out debug-level logs.

References

This issue was discovered by BugCrowd user DRAKOKORIAN.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Aiven Open/PghoardGHSA
Range: <= 2.1.0

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

github.com/advisories/GHSA-mpx4-jmpr-vm8vghsaADVISORY
github.com/Aiven-Open/pghoard/security/advisories/GHSA-mpx4-jmpr-vm8vghsa

News mentions

No linked articles in our index yet.

cvss	0.065
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000