Skip to main content

pgAdmin 4 EUVDEUVD-2026-29085

| CVE-2026-7817 HIGH
Files or Directories Accessible to External Parties (CWE-552)
2026-05-11 PostgreSQL GHSA-p58c-q354-6c4f
7.1
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
Patch available
May 11, 2026 - 17:17 EUVD
Re-analysis Queued
May 11, 2026 - 16:22 vuln.today
cvss_changed
Severity Changed
May 11, 2026 - 16:22 NVD
MEDIUM HIGH
CVSS changed
May 11, 2026 - 16:22 NVD
6.5 (MEDIUM) 7.1 (HIGH)
Analysis Generated
May 11, 2026 - 15:47 vuln.today
CVE Published
May 11, 2026 - 14:35 nvd
MEDIUM 6.5

DescriptionCVE.org

Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints.

User-supplied api_key_file and api_url preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by pointing api_key_file at any path readable by the pgAdmin process, or coerce pgAdmin into making requests to internal targets (e.g. cloud metadata services such as 169.254.169.254) by setting api_url, exploiting the chat path and model-list endpoints.

Fix restricts api_key_file to the user's private storage (server mode) or home directory (desktop mode), enforces a printable-ASCII key shape and a 1024-byte read cap, and gates api_url against a configurable allow-list (config.ALLOWED_LLM_API_URLS) at every entry point.

This issue affects pgAdmin 4: before 9.15.

AnalysisAI

Authenticated users in pgAdmin 4 before version 9.15 can read arbitrary server-side files or trigger server-side request forgery (SSRF) attacks via unvalidated LLM API configuration endpoints. The vulnerabilities exist in the chat and model-list endpoints where user-supplied api_key_file and api_url parameters are passed directly to LLM provider clients without sanitization, enabling attackers to exfiltrate sensitive files (database credentials, private keys) readable by the pgAdmin process or coerce internal requests to cloud metadata services and private infrastructure.

Technical ContextAI

pgAdmin 4 integrates Large Language Model (LLM) providers through configurable API endpoints. The vulnerability stems from insufficient input validation in the LLM configuration mechanism, specifically the api_key_file parameter (intended to reference credential files) and api_url parameter (intended to specify LLM service endpoints). The application passes these parameters directly to underlying LLM client libraries without path canonicalization, URL validation, or schema enforcement. This creates a classic LFI/SSRF pattern where user-controlled input influences file I/O and HTTP request destinations. The CWE classification is not provided in the source data, but the root causes are path traversal (LFI component) and improper resource validation for URL schemes (SSRF component). Affected versions prior to 9.15 lack allowlist-based validation and path restrictions.

RemediationAI

Upgrade pgAdmin 4 to version 9.15 or later immediately. This release enforces validation of the api_key_file parameter to restrict file access to the user's private storage directory (server mode) or home directory (desktop mode), implements printable-ASCII character enforcement for API keys, and caps file reads at 1024 bytes to limit information leakage. The api_url parameter is now validated against a configurable allowlist defined in config.ALLOWED_LLM_API_URLS. If immediate upgrade is not feasible, implement compensating controls: disable or restrict access to the LLM configuration endpoints at the reverse proxy or firewall level, restrict pgAdmin process permissions to deny access to sensitive file paths (using OS-level access controls), and prevent outbound HTTP/HTTPS connections to private IP ranges (169.254.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) via network egress filtering. Note that these controls reduce functionality (LLM features become unavailable) and require ongoing maintenance but are effective until patching is completed. Reference: PostgreSQL security advisory and pgAdmin issue tracker for official guidance.

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2024-2044 CRITICAL POC
9.9 Mar 07

pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling

CVE-2024-3116 CRITICAL POC
9.8 Apr 04

pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. Rated cr

CVE-2022-4223 HIGH POC
8.8 Dec 13

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external Post

CVE-2024-9014 MEDIUM POC
6.5 Sep 23

pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. Rated medium severity (CVS

CVE-2026-12046 CRITICAL
9.5 Jun 18

Remote unauthenticated access to two SQL Editor endpoints in pgAdmin 4 server-mode deployments (versions 6.9 through 9.1

CVE-2026-12045 CRITICAL
9.4 Jun 18

Remote SQL injection via prompt injection in pgAdmin 4 versions 9.13 through 9.15 allows attackers who can write content

CVE-2026-7813 CRITICAL
9.4 May 11

Authorization bypass and privilege escalation in pgAdmin 4 server mode allows authenticated users to access other users'

CVE-2024-4216 MEDIUM POC
5.4 May 02

pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. Rated medium severity (CVS

CVE-2026-12048 CRITICAL
9.3 Jun 18

Stored cross-site scripting in pgAdmin 4 versions 6.0 through 9.15 allows a malicious or attacker-influenced PostgreSQL

CVE-2025-2946 CRITICAL
9.1 Apr 03

pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). Rated critical severity (CVSS 9.1

CVE-2026-12044 HIGH
8.7 Jun 18

SQL injection in pgAdmin 4 versions 1.0 through 9.15 allows an authenticated user with object-modification rights to inj

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Python 3 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed

Share

EUVD-2026-29085 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy