Skip to main content

Pgadmin 4 CVE-2026-1707

HIGH
Improper Access Control (CWE-284)
2026-02-05 f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 GHSA-3p7x-94q9-jq9x
Authentication Bypass Pgadmin 4 Suse
7.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 05, 2026 - 18:16 nvd
HIGH 7.4

DescriptionCVE.org

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the \restrict key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using \unrestrict <key>. This results in reliable command execution on the pgAdmin host during the restore operation.

AnalysisAI

Command execution in pgAdmin 4 server mode allows authenticated attackers to bypass restore operation restrictions by extracting the restrict key during PLAIN-format dump file operations and injecting malicious payloads to re-enable meta-commands. An attacker with web interface access can race the restore process in real time to achieve reliable code execution on the pgAdmin host. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Access pgAdmin web interface
Delivery
Observe active restore operation
Exploit
Extract restrict key in real time
Execution
Race overwrite restore script
Persist
Execute unrestrict command
Impact
Achieve code execution on host
Sign in to reveal

Vulnerability AssessmentAI

Exploitation pgAdmin 9.11 running in server mode with PLAIN-format dump file restore operations. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 7.4 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker (requires authentication) could exploit this flaw, reliable command execution on the pgAdmin host during the re.
Remediation Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Audit all pgAdmin 9.11 deployments running in server mode and identify instances with restore functionality exposed. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-12046 CRITICAL
9.5 Jun 18

Remote unauthenticated access to two SQL Editor endpoints in pgAdmin 4 server-mode deployments (versions 6.9 through 9.1
CVE-2026-12045 CRITICAL
9.4 Jun 18

Remote SQL injection via prompt injection in pgAdmin 4 versions 9.13 through 9.15 allows attackers who can write content
CVE-2026-12048 CRITICAL
9.3 Jun 18

Stored cross-site scripting in pgAdmin 4 versions 6.0 through 9.15 allows a malicious or attacker-influenced PostgreSQL

CVE-2026-12044 HIGH
8.7 Jun 18

SQL injection in pgAdmin 4 versions 1.0 through 9.15 allows an authenticated user with object-modification rights to inj
CVE-2026-12049 MEDIUM
5.3 Jun 18

Open redirect in pgAdmin 4's MFA validate and register endpoints allows network-accessible attackers to abuse the authen

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Python 3 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed

Share

CVE-2026-1707 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy