Nixpkgs security tracker

Permalink CVE-2026-6665

8.1 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 5 hours ago by @LeSuisse Activity log

Created suggestion 18 hours ago
@LeSuisse ignored package prometheus-pgbouncer-exporter 5 hours ago
@LeSuisse accepted 5 hours ago
@LeSuisse published on GitHub 5 hours ago

PgBouncer buffer overflow in SCRAM

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow.

References

https://www.pgbouncer.org/changelog.html#pgbouncer-125x

Affected products

PgBouncer

<1.25.2

Matching in nixpkgs

pkgs.pgbouncer

Lightweight connection pooler for PostgreSQL

nixos-unstable 1.25.1
- nixpkgs-unstable 1.25.1
- nixos-unstable-small 1.25.1
nixos-25.11 1.25.1
- nixos-25.11-small 1.25.1
- nixpkgs-25.11-darwin 1.25.1

Ignored packages (1)

pkgs.prometheus-pgbouncer-exporter

Prometheus exporter for PgBouncer

nixos-unstable 0.12.0
- nixpkgs-unstable 0.12.0
- nixos-unstable-small 0.12.0
nixos-25.11 0.11.0
- nixos-25.11-small 0.11.0
- nixpkgs-25.11-darwin 0.11.0

Package maintainers

@1000101 Jan Hrnko <b1000101@pm.me>

Permalink CVE-2026-6666

5.9 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 5 hours ago by @LeSuisse Activity log

Created suggestion 18 hours ago
@LeSuisse ignored package prometheus-pgbouncer-exporter 5 hours ago
@LeSuisse accepted 5 hours ago
@LeSuisse published on GitHub 5 hours ago

PgBouncer crash in kill_pool_logins_server_error

A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.

References

https://www.pgbouncer.org/changelog.html#pgbouncer-125x

Affected products

PgBouncer

<1.25.2

Matching in nixpkgs

pkgs.pgbouncer

Lightweight connection pooler for PostgreSQL

nixos-unstable 1.25.1
- nixpkgs-unstable 1.25.1
- nixos-unstable-small 1.25.1
nixos-25.11 1.25.1
- nixos-25.11-small 1.25.1
- nixpkgs-25.11-darwin 1.25.1

Ignored packages (1)

pkgs.prometheus-pgbouncer-exporter

Prometheus exporter for PgBouncer

nixos-unstable 0.12.0
- nixpkgs-unstable 0.12.0
- nixos-unstable-small 0.12.0
nixos-25.11 0.11.0
- nixos-25.11-small 0.11.0
- nixpkgs-25.11-darwin 0.11.0

Package maintainers

@1000101 Jan Hrnko <b1000101@pm.me>

Permalink CVE-2026-6667

4.3 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

updated 5 hours ago by @LeSuisse Activity log

Created suggestion 18 hours ago
@LeSuisse ignored package prometheus-pgbouncer-exporter 5 hours ago
@LeSuisse accepted 5 hours ago
@LeSuisse published on GitHub 5 hours ago

PgBouncer missing authorization check in KILL_CLIENT admin command

PgBouncer before 1.25.2 did not perform an appropriate authorization check for the KILL_CLIENT admin command. All users with access to the administration console (which itself requires authorization) could run this command. It would have been correct to allow only users listed in the admin_users parameter.

References

https://www.pgbouncer.org/changelog.html#pgbouncer-125x

Affected products

PgBouncer

<1.25.2

Matching in nixpkgs

pkgs.pgbouncer

Lightweight connection pooler for PostgreSQL

nixos-unstable 1.25.1
- nixpkgs-unstable 1.25.1
- nixos-unstable-small 1.25.1
nixos-25.11 1.25.1
- nixos-25.11-small 1.25.1
- nixpkgs-25.11-darwin 1.25.1

Ignored packages (1)

pkgs.prometheus-pgbouncer-exporter

Prometheus exporter for PgBouncer

nixos-unstable 0.12.0
- nixpkgs-unstable 0.12.0
- nixos-unstable-small 0.12.0
nixos-25.11 0.11.0
- nixos-25.11-small 0.11.0
- nixpkgs-25.11-darwin 0.11.0

Package maintainers

@1000101 Jan Hrnko <b1000101@pm.me>

Permalink CVE-2026-6664

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 5 hours ago by @LeSuisse Activity log

Created suggestion 18 hours ago
@LeSuisse ignored package prometheus-pgbouncer-exporter 5 hours ago
@LeSuisse accepted 5 hours ago
@LeSuisse published on GitHub 5 hours ago

PgBouncer integer overflow in PgBouncer network packet parsing

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet.

References

https://www.pgbouncer.org/changelog.html#pgbouncer-125x

Affected products

PgBouncer

<1.25.2

Matching in nixpkgs

pkgs.pgbouncer

Lightweight connection pooler for PostgreSQL

nixos-unstable 1.25.1
- nixpkgs-unstable 1.25.1
- nixos-unstable-small 1.25.1
nixos-25.11 1.25.1
- nixos-25.11-small 1.25.1
- nixpkgs-25.11-darwin 1.25.1

Ignored packages (1)

pkgs.prometheus-pgbouncer-exporter

Prometheus exporter for PgBouncer

nixos-unstable 0.12.0
- nixpkgs-unstable 0.12.0
- nixos-unstable-small 0.12.0
nixos-25.11 0.11.0
- nixos-25.11-small 0.11.0
- nixpkgs-25.11-darwin 0.11.0

Package maintainers

@1000101 Jan Hrnko <b1000101@pm.me>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.pgbouncer

pkgs.prometheus-pgbouncer-exporter

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.pgbouncer

pkgs.prometheus-pgbouncer-exporter

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.pgbouncer

pkgs.prometheus-pgbouncer-exporter

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.pgbouncer

pkgs.prometheus-pgbouncer-exporter

Package maintainers