Skip to main content

pgAdmin 4 CVE-2026-7818

| EUVDEUVD-2026-29086 HIGH
Deserialization of Untrusted Data (CWE-502)
2026-05-11 PostgreSQL GHSA-4rhg-h8f2-v4jm
High
Disputed · 7.3 NVD
Share

Severity by source

Sources disagree (Low–High)
NVD PRIMARY
7.3 HIGH
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
3.1 LOW
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

5
Patch available
May 11, 2026 - 17:17 EUVD
Re-analysis Queued
May 11, 2026 - 16:22 vuln.today
cvss_changed
CVSS changed
May 11, 2026 - 16:22 NVD
7.0 (HIGH) 7.3 (HIGH)
Analysis Generated
May 11, 2026 - 15:46 vuln.today
CVE Published
May 11, 2026 - 14:35 nvd
HIGH 7.0

DescriptionCVE.org

Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager.

The session manager performed unsafe deserialization of session-file contents (using Python's standard object-serialization module) before performing any HMAC integrity check. Any file dropped into the sessions directory was deserialized unconditionally. An authenticated user with write access to the sessions directory (whether by misconfiguration or in combination with another path-traversal flaw) could plant a crafted serialized payload to achieve operating-system level remote code execution under the pgAdmin process identity.

Fix prepends a 64-byte hex SHA-256 HMAC over the session body, computed with SECRET_KEY, and verifies it via hmac.compare_digest before any deserialization. The check is raised (rather than asserted) on empty SECRET_KEY so it is not stripped under -O.

This issue affects pgAdmin 4: before 9.15.

AnalysisAI

Unsafe Python pickle deserialization in pgAdmin 4 FileBackedSessionManager allows authenticated local users with session-directory write access to execute arbitrary code as the pgAdmin process. The vulnerability arises from deserializing session files before validating their HMAC signature, enabling payload injection through crafted pickle objects. Attackers require both valid authentication and filesystem write permission to the sessions directory-achievable through misconfiguration or chaining with a separate path-traversal vulnerability. EPSS exploitation probability and KEV status not provided; no public exploit code identified at time of analysis. PostgreSQL maintainers confirmed the flaw and patched it in version 9.15 by implementing pre-deserialization HMAC validation.

Technical ContextAI

pgAdmin 4 is the web-based administration platform for PostgreSQL database management. The FileBackedSessionManager component stores user session state as serialized Python objects in filesystem files. Python's pickle module, used for object serialization, is inherently unsafe when deserializing untrusted data-arbitrary code embedded in pickle bytecode executes during load(). The original implementation followed the anti-pattern of deserialize-then-verify: reading session files with pickle.load() before checking HMAC integrity. This CWE-502 deserialization flaw mirrors classic vulnerabilities in Redis, Apache Spark, and other systems using unsafe object serialization. The fix follows defense-in-depth principles by prepending a 64-byte SHA-256 HMAC (keyed with SECRET_KEY) to each session file and validating via constant-time comparison (hmac.compare_digest) before any pickle operations, preventing object-injection attacks even if an attacker writes to the sessions directory.

RemediationAI

Upgrade pgAdmin 4 to version 9.15 or later, which implements HMAC signature verification before deserialization as documented in https://github.com/pgadmin-org/pgadmin4/issues/9901. For environments unable to upgrade immediately, implement compensating controls with understanding of their operational impact: (1) Restrict session-directory filesystem permissions to the pgAdmin process user only (chmod 700), preventing write access by any other user or service-verify this does not break application functionality if pgAdmin runs under multiple process identities. (2) Switch to database-backed session storage instead of FileBackedSessionManager, noting this introduces PostgreSQL database dependency and potential performance trade-offs for high-concurrency deployments. (3) Deploy pgAdmin in isolated containers or VMs with read-only filesystem mounts for the sessions directory, accepting that session persistence will fail and users must re-authenticate after restarts. (4) Monitor session directory for unauthorized file modifications using filesystem audit tools (auditd, OSSEC), though this provides detection not prevention. None of these workarounds eliminate the underlying deserialization risk-patching to 9.15 remains the definitive solution.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Vendor StatusVendor

SUSE

Severity: Low
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Python 3 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed

Share

CVE-2026-7818 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy