Algorithm Downgrade in Postgresql JDBC Driver - CVE-2026-54291
Published: June 30, 2026
Postgresql JDBC Driver
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass channel-binding protection and enable a man-in-the-middle downgrade of authentication.
The vulnerability exists due to failing open and algorithm downgrade in ScramAuthenticator when processing certificates whose signature algorithm has no tls-server-end-point channel-binding hash. A remote attacker can present a certificate with an unsupported signature algorithm while intercepting the TLS connection to bypass channel-binding protection and enable a man-in-the-middle downgrade of authentication.
Only connections configured with channelBinding=require are affected.