Medium severity5.9NVD Advisory· Published May 9, 2026· Updated May 14, 2026
CVE-2026-6666
CVE-2026-6666
Description
A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9- osv-coords7 versionspkg:apk/chainguard/pgbouncerpkg:apk/chainguard/pgbouncer-docpkg:apk/chainguard/pgbouncer-iamguarded-compatpkg:apk/wolfi/pgbouncerpkg:apk/wolfi/pgbouncer-docpkg:apk/wolfi/pgbouncer-iamguarded-compatpkg:bitnami/pgbouncer
< 1.25.2-r0+ 6 more
- (no CPE)range: < 1.25.2-r0
- (no CPE)range: < 1.25.2-r0
- (no CPE)range: < 1.25.2-r0
- (no CPE)range: < 1.25.2-r0
- (no CPE)range: < 1.25.2-r0
- (no CPE)range: < 1.25.2-r0
- (no CPE)range: < 1.25.2
Patches
Vulnerability mechanics
References
1- www.pgbouncer.org/changelog.htmlnvdRelease Notes
News mentions
1- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026