Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints.
User-supplied api_key_file and api_url preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by pointing api_key_file at any path readable by the pgAdmin process, or coerce pgAdmin into making requests to internal targets (e.g. cloud metadata services such as 169.254.169.254) by setting api_url, exploiting the chat path and model-list endpoints.
Fix restricts api_key_file to the user's private storage (server mode) or home directory (desktop mode), enforces a printable-ASCII key shape and a 1024-byte read cap, and gates api_url against a configurable allow-list (config.ALLOWED_LLM_API_URLS) at every entry point.
This issue affects pgAdmin 4: before 9.15.
AnalysisAI
Authenticated users in pgAdmin 4 before version 9.15 can read arbitrary server-side files or trigger server-side request forgery (SSRF) attacks via unvalidated LLM API configuration endpoints. The vulnerabilities exist in the chat and model-list endpoints where user-supplied api_key_file and api_url parameters are passed directly to LLM provider clients without sanitization, enabling attackers to exfiltrate sensitive files (database credentials, private keys) readable by the pgAdmin process or coerce internal requests to cloud metadata services and private infrastructure.
Technical ContextAI
pgAdmin 4 integrates Large Language Model (LLM) providers through configurable API endpoints. The vulnerability stems from insufficient input validation in the LLM configuration mechanism, specifically the api_key_file parameter (intended to reference credential files) and api_url parameter (intended to specify LLM service endpoints). The application passes these parameters directly to underlying LLM client libraries without path canonicalization, URL validation, or schema enforcement. This creates a classic LFI/SSRF pattern where user-controlled input influences file I/O and HTTP request destinations. The CWE classification is not provided in the source data, but the root causes are path traversal (LFI component) and improper resource validation for URL schemes (SSRF component). Affected versions prior to 9.15 lack allowlist-based validation and path restrictions.
RemediationAI
Upgrade pgAdmin 4 to version 9.15 or later immediately. This release enforces validation of the api_key_file parameter to restrict file access to the user's private storage directory (server mode) or home directory (desktop mode), implements printable-ASCII character enforcement for API keys, and caps file reads at 1024 bytes to limit information leakage. The api_url parameter is now validated against a configurable allowlist defined in config.ALLOWED_LLM_API_URLS. If immediate upgrade is not feasible, implement compensating controls: disable or restrict access to the LLM configuration endpoints at the reverse proxy or firewall level, restrict pgAdmin process permissions to deny access to sensitive file paths (using OS-level access controls), and prevent outbound HTTP/HTTPS connections to private IP ranges (169.254.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) via network egress filtering. Note that these controls reduce functionality (LLM features become unavailable) and require ongoing maintenance but are effective until patching is completed. Reference: PostgreSQL security advisory and pgAdmin issue tracker for official guidance.
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling
pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. Rated cr
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external Post
pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. Rated medium severity (CVS
Remote unauthenticated access to two SQL Editor endpoints in pgAdmin 4 server-mode deployments (versions 6.9 through 9.1
Remote SQL injection via prompt injection in pgAdmin 4 versions 9.13 through 9.15 allows attackers who can write content
Authorization bypass and privilege escalation in pgAdmin 4 server mode allows authenticated users to access other users'
pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. Rated medium severity (CVS
Stored cross-site scripting in pgAdmin 4 versions 6.0 through 9.15 allows a malicious or attacker-influenced PostgreSQL
pgAdmin <= 9.1 is affected by a security vulnerability with Cross-Site Scripting(XSS). Rated critical severity (CVSS 9.1
SQL injection in pgAdmin 4 versions 1.0 through 9.15 allows an authenticated user with object-modification rights to inj
Vendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Module for Python 3 15 SP6 | Fixed |
| SUSE Linux Enterprise Module for Server Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Server Applications 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Manager Proxy 4.3 | Fixed |
| SUSE Manager Proxy LTS 4.3 | Fixed |
| SUSE Manager Retail Branch Server 4.3 | Fixed |
| SUSE Manager Retail Branch Server LTS 4.3 | Fixed |
| SUSE Manager Server 4.3 | Fixed |
| SUSE Manager Server LTS 4.3 | Fixed |
| SUSE CaaS Platform 4.0 | Fixed |
| SUSE Enterprise Storage 6 | Fixed |
| SUSE Enterprise Storage 7 | Fixed |
| SUSE Enterprise Storage 7.1 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Fixed |
| SUSE Linux Enterprise Module for Server Applications 15 SP1 | Fixed |
| SUSE Linux Enterprise Module for Server Applications 15 SP2 | Fixed |
| SUSE Linux Enterprise Module for Server Applications 15 SP3 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP2 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP3 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP1 | Fixed |
| SUSE Linux Enterprise Server 15 SP1-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP2 | Fixed |
| SUSE Linux Enterprise Server 15 SP2-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP3 | Fixed |
| SUSE Linux Enterprise Server 15 SP3-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| SUSE Manager Proxy 4.0 | Fixed |
| SUSE Manager Proxy 4.1 | Fixed |
| SUSE Manager Proxy 4.2 | Fixed |
| SUSE Manager Retail Branch Server 4.0 | Fixed |
| SUSE Manager Retail Branch Server 4.1 | Fixed |
| SUSE Manager Retail Branch Server 4.2 | Fixed |
| SUSE Manager Server 4.0 | Fixed |
| SUSE Manager Server 4.1 | Fixed |
| SUSE Manager Server 4.2 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29085
GHSA-p58c-q354-6c4f