CVE-2026-1707
HIGH
GHSA-3p7x-94q9-jq9x
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Lifecycle Timeline
3Description
pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\unrestrict <key>`. This results in reliable command execution on the pgAdmin host during the restore operation.
Analysis
Command execution in pgAdmin 4 server mode allows authenticated attackers to bypass restore operation restrictions by extracting the restrict key during PLAIN-format dump file operations and injecting malicious payloads to re-enable meta-commands. An attacker with web interface access can race the restore process in real time to achieve reliable code execution on the pgAdmin host. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Audit all pgAdmin 9.11 deployments running in server mode and identify instances with restore functionality exposed. Within 7 days: Implement network access controls to restrict pgAdmin restore operations and disable server-mode restore functionality if not operationally critical. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today