Which versions of pgAdmin 4 are affected by EUVD-2026-29087?

pgAdmin 4 versions before 9.15 contain a critical file write vulnerability that allows authenticated users to overwrite arbitrary files with application-level privileges, potentially compromising…. A patch is available.

pgAdmin 4 EUVD-2026-29087

Q: What is the CVSS score of EUVD-2026-29087?

EUVD-2026-29087 has a CVSS 4.0 base score of 7.2 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-7819 HIGH

UNIX Symbolic Link (Symlink) Following (CWE-61)

2026-05-11 PostgreSQL

GHSA-hr4r-fwpv-c95j

Path Traversal

7.2

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Patch available

May 11, 2026 - 17:17 EUVD

Re-analysis Queued

May 11, 2026 - 16:22 vuln.today

cvss_changed

CVSS changed

May 11, 2026 - 16:22 NVD

8.1 (HIGH) 7.2 (HIGH)

Analysis Generated

May 11, 2026 - 15:46 vuln.today

CVE Published

May 11, 2026 - 14:35 nvd

HIGH 8.1

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

1 pypi packages depend on pgadmin4 (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 9.15.

DescriptionNVD

Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager.

check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storage directory pointing outside it and induce pgAdmin to write to any path reachable by the pgAdmin process.

Fix switches the access check to os.path.realpath for both source and destination, and adds an _open_upload_target helper that opens the target with O_NOFOLLOW (mode 0o600) to close the leaf-component TOCTOU between the access check and the open. File mode is hardened from 0o644 to 0o600.

This issue affects pgAdmin 4: before 9.15.

AnalysisAI

Symbolic link path traversal in pgAdmin 4 File Manager allows authenticated users to write arbitrary files on the server filesystem. Attackers with valid credentials can plant symlinks in their storage directory pointing outside it, bypassing access controls to overwrite critical system files or application configurations with pgAdmin process privileges. …

RemediationAI

Within 24 hours: Identify all pgAdmin 4 instances and document current versions; disable or restrict access to the File Manager feature for all non-administrative accounts via pgAdmin role-based access controls. Within 7 days: Review audit logs for any suspicious file operations by authenticated users; implement network segmentation to limit pgAdmin process privileges and filesystem access using OS-level controls (SELinux, AppArmor, or chroot). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Vendor StatusVendor

EUVD-2026-29087 vulnerability details – vuln.today

Back

pgAdmin 4 EUVD-2026-29087

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Vendor StatusVendor

Share

pgAdmin 4 EUVD-2026-29087

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Vendor StatusVendor

Share

External POC / Exploit Code