CVE-2026-6664

Daily digests

An integer overflow in PgBouncer's network packet parser lets a remote attacker send a crafted packet that could crash the connection pooler or potentially corrupt memory. PgBouncer typically sits in front of PostgreSQL and handles every client connection, so a crash here takes your database offline for every app behind it.

• Patch Tuesday · May 13, 2026

  Patch Tuesday May 2026: DNS + Netlogon at 9.8, 19 more