-
CVE-2026-2005 and CVE-2026-2006 are pgcrypto RCEs that have been latent since 2005. Fixes shipped in February; the full technical write-ups landed May 4.
Unpatched fleets are now genuinely exposed. CVSS 8.8.https://www.postgresql.org/support/security/CVE-2026-2005/
PGX reviews extension exposure and database security posture — https://pgexperts.com.
-
PgBouncer 1.25.2 shipped May 8 and patches CVE-2026-6664 — a pre-auth crash via a malformed SCRAM packet. Three other CVEs in the same release.
If PgBouncer is reachable from anything you don't fully trust, upgrade this week.
https://www.pgbouncer.org/2026/05/pgbouncer-1-25-2
PGX does PgBouncer hardening and connection-pool audits — https://pgexperts.com.
-
Our CEO, Christophe Pettus, will be giving his talk “Why is Postgres Terrible” on Tuesday, May 19th at https://PGConf.dev! That’s 5 days away! The countdown is on!
-
PGXpertise™ lets you have a world-leading PostgreSQL Expert on call. This is a monthly retainer service that provides a block of consulting hours that can be used for any service PGX provides, at a significant discount. Contact us today!
-
Calling all women in Postgres and Allies! Stacey Haysler and Mila Zhou will be hosting the Postgres Women's Breakfast next Wednesday, May 20th, at PGConf DEV! That’s one week from today!
RSVP here: https://tinyurl.com/pgwbdev2026
-
PGX is proud to be a Silver Sponsor for PgDay Boston!
-
PGX is proud to be a Silver Sponsor for PgDay Boston!