Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-accessible endpoint requires a low-privilege authenticated pgAdmin session; scope is unchanged because injected SQL stays within the user's existing database role, yielding only low integrity and no confidentiality or availability impact.
Primary rating from Vendor (PostgreSQL).
Description (source: CVE.org)
SQL injection in pgAdmin 4's named restore point endpoint (POST /browser/server/restore_point/{gid}/{sid}). The user-supplied 'value' field was interpolated directly into the SQL string with str.format() instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected PostgreSQL session to inject additional statements through that endpoint.
The injected SQL executes under the database role the user is already authenticated as. The defect does not cross a privilege boundary -- the user already has direct SQL access to that role through the Query Tool -- so the attacker gains no capability beyond what their database role already grants them. The marginal impact accounts for the fact that the injection path is not the documented SQL-execution interface, so a deployment that gates the Query Tool at the application layer could see SQL executed through a path it did not anticipate.
Fix passes the restore point name as a bound parameter and schema-qualifies the function call as pg_catalog.pg_create_restore_point so a non-default search_path on the connection cannot redirect the call to a shadow definition. A regression test asserts the value arrives as a bound parameter and not spliced into the SQL string.
This issue affects pgAdmin 4: from 1.0 before 9.16.
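The defect and fix patterns described above, side by side, together with a regression check of the kind the description mentions. This is an added illustration, not pgAdmin's own code; `RecordingCursor`, the two `create_restore_point_*` functions and the payload string are hypothetical stand-ins, and the payload is the one quoted in the exploit scenario below.

```python
# Added illustration (not pgAdmin's own code): the defect and fix patterns
# the advisory describes, plus a regression check of the kind it mentions.
# RecordingCursor and the function names are hypothetical stand-ins.

# Constructed payload of the shape quoted in the exploit scenario.
PAYLOAD = "test'); SELECT sensitive_function(); --"

class RecordingCursor:
    """DB-API-style cursor that records execute() calls instead of
    talking to PostgreSQL, so the check runs offline."""
    def __init__(self):
        self.calls = []

    def execute(self, sql, params=None):
        self.calls.append((sql, params))

def create_restore_point_vulnerable(cursor, value):
    # Defect pattern: user input spliced into the SQL text with str.format().
    sql = "SELECT pg_create_restore_point('{0}');".format(value)
    cursor.execute(sql)
    return sql

def create_restore_point_fixed(cursor, value):
    # Fix pattern: constant SQL text, value sent as a bound parameter, and the
    # function schema-qualified so a non-default search_path cannot redirect it.
    sql = "SELECT pg_catalog.pg_create_restore_point(%(value)s);"
    cursor.execute(sql, {"value": value})
    return sql

def top_level_statements(sql):
    """Split on semicolons outside single quotes and '--' comments.
    Enough to show the breakout here; not a full SQL parser."""
    stmts, buf, in_quote = [], "", False
    for i, ch in enumerate(sql):
        if not in_quote and sql.startswith("--", i):
            break  # rest of the line is a comment
        if ch == "'":
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            stmts.append(buf.strip())
            buf = ""
        else:
            buf += ch
    return stmts + ([buf.strip()] if buf.strip() else [])

def value_arrives_bound(cursor, value):
    """Regression check: value must be in params of every call, never in SQL."""
    return all(value not in sql and params is not None and value in params.values()
               for sql, params in cursor.calls)
```

With the payload, the vulnerable builder yields two top-level statements and fails the check; the fixed builder yields one statement whose text does not change with the input.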
Analysis (AI-generated)
{gid}/{sid}) permits a low-privilege authenticated user with an active PostgreSQL session to inject additional SQL statements by exploiting unsafe str.format() interpolation of the user-supplied 'value' field. Affected versions span pgAdmin 4 from 1.0 through 9.15; a patch was released in version 9.16. …
Vulnerability Assessment (AI-generated)

| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires three concrete preconditions: (1) a valid pgAdmin 4 authenticated session with any role (PR:L per CVSS 4.0; anonymous access is insufficient); (2) an active PostgreSQL server connection established within that pgAdmin session, meaning the user must have clicked 'Connect' to a server/database in pgAdmin's browser tree; and (3) HTTP access to the POST /browser/server/restore_point/{gid}/{sid} endpoint. … |
| Risk Assessment | The CVSS 4.0 score of 5.3 Medium is well-calibrated to the actual impact. … |
| Exploit Scenario | An attacker authenticates to pgAdmin 4 with a valid low-privilege account and establishes an active PostgreSQL server connection within the pgAdmin session. They then POST a crafted JSON body to /browser/server/restore_point/{gid}/{sid} with a 'value' field containing a payload such as "test'); SELECT sensitive_function(); --", which breaks out of the string literal and causes the extra statement to execute under the attacker's existing database role, bypassing any pgAdmin application-layer control that would otherwise block direct Query Tool use. |
| Remediation | Upgrade pgAdmin 4 to version 9.16 or later. … |
Related identifiers: EUVD-2026-37964, GHSA-v395-x24j-4r3g