CVE-2026-6667 — Vulnetix

CVE-2026-6667 PUBLISHED CVSS 4.300000190734863 MEDIUM

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization) could run this command. It would have been correct to allow only users listed in the admin_users parameter.

EPSS 0.01% · 2.3th percentile

Risk Scores

CVSS v3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

EPSS Score

0.01%

2.3th percentile

Affected Products

Vendor	Product	Versions
n/a	PgBouncer	0

Timeline

May 9, 2026 EPSS Score
May 9, 2026 CVE Published
May 9, 2026 Security Advisory
May 13, 2026 Security Advisory
May 13, 2026 Security Advisory
May 13, 2026 Security Advisory
May 13, 2026 Security Advisory
May 13, 2026 Security Advisory
May 13, 2026 Security Advisory
May 13, 2026 Security Advisory
May 13, 2026 Security Advisory
May 13, 2026 Security Advisory

References

https://www.pgbouncer.org/changelog.html#pgbouncer-125x url
https://nvd.nist.gov/vuln/detail/CVE-2026-6667 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33110 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6664 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32185 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41602 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45130 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48431 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-6665 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41103 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35439 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32177 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41610 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40417 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42898 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41614 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41612 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40374 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41636 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44656 advisory

…and 16 more

Open in Interactive Console →