Is there a patch available for EUVD-2026-29082?

Yes, a patch is available for EUVD-2026-29082. Update the affected software to the latest version immediately.

pgAdmin 4 EUVD-2026-29082

Q: What is the CVSS score of EUVD-2026-29082?

EUVD-2026-29082 has a CVSS 4.0 base score of 4.8 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-7814 MEDIUM

Cross-site Scripting (XSS) (CWE-79)

2026-05-11 PostgreSQL

GHSA-6p2c-69cv-3fxq

XSS PostgreSQL

4.8

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Scope

Lifecycle Timeline

Analysis Generated

May 11, 2026 - 15:47 vuln.today

CVE Published

May 11, 2026 - 14:35 nvd

MEDIUM 4.8

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

1 pypi packages depend on pgadmin4 (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 9.15.

DescriptionNVD

Stored cross-site scripting (XSS) vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules.

User-controlled PostgreSQL object names (database, schema, table, column, etc.) were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute attacker-supplied JavaScript in the browser of any pgAdmin user who navigated to or executed EXPLAIN over the malicious object.

Fix replaces innerHTML with textContent.

This issue affects pgAdmin 4: before 9.15.

AnalysisAI

Stored cross-site scripting (XSS) in pgAdmin 4 before version 9.15 allows authenticated administrators to execute arbitrary JavaScript in the browsers of other pgAdmin users by crafting malicious PostgreSQL object names (databases, schemas, tables, columns) that are rendered unsafely via innerHTML in the Browser Tree and Explain Visualizer modules. The vulnerability requires administrator privileges and user interaction (navigation to or EXPLAIN execution over the malicious object), limiting real-world exploitation scope despite the network attack vector.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Vendor StatusVendor

EUVD-2026-29082 vulnerability details – vuln.today

Back

pgAdmin 4 EUVD-2026-29082

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Vendor StatusVendor

Share

pgAdmin 4 EUVD-2026-29082

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Vendor StatusVendor

Share

External POC / Exploit Code