Vulnerability in Pgjdbc

CVE-2026-54291

pgjdbc is an open source postgresql JDBC Driver. In releases 42.7.4 through 42.7.11, channelBinding=require connections can be silently downgraded from SCRAM-SHA-256-PLUS with channel binding to plain SCRAM-SHA-256 without it, losing the m…

Affected products

  • Pgjdbc — versions >= 42.7.4, < 42.7.12

Weakness classification (CWE)

References