Understanding the OnGres SCRAM Silent Channel-Binding Authentication Downgrade Vulnerability
A flaw in the OnGres SCRAM library allows an attacker to silently downgrade a connection from SCRAM-SHA-256-PLUS (with channel binding) to standard SCRAM-SHA-256 (without channel binding), bypassing strict client-side enforcement policies. This vulnerability has a CVSS score of 8.2 and is tracked under CVE-2026-53712.