PT-2026-50728 · Pypi · Pghoard

Published

2026-06-18

·

Updated

2026-06-18

·

CVE-2026-54711

CVSS v4.0

2.4

Low

VectorAV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Impact

When using .pgpass, database connection information including the username and password will be logged at the debug level.

Patches

Upgrade to version 2.7.1 or greater.

Workarounds

Filter out debug-level logs.

References

This issue was discovered by BugCrowd user DRAKOKORIAN.

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2026-54711
GHSA-MPX4-JMPR-VM8V

Affected Products

Pghoard