What is CVE-2026-12045?

CVE-2026-12045 is a critical-severity vulnerability in Pgadmin.org Pgadmin 4, classified under Command Injection. CVSS score: 9.0/10. Published 2026-06-19.

How severe is CVE-2026-12045?

Critical severity. CVSS v3 base score is 9.0 out of 10.

RCE in Pgadmin.org Pgadmin 4

CVE-2026-12045

Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role. The AI Assistant's…

Vulnerability class: Command Injection (OS Command Injection)

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H.

Affected products

Pgadmin.org Pgadmin 4 — versions 9.13

Weakness classification (CWE)

CWE-77 — Command Injection
CWE-89 — SQL Injection

References

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 (issue-tracking)
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 (patch)

Frequently asked questions

What is CVE-2026-12045?: CVE-2026-12045 is a critical-severity vulnerability in Pgadmin.org Pgadmin 4, classified under Command Injection. CVSS score: 9.0/10. Published 2026-06-19.
How severe is CVE-2026-12045?: Critical severity. CVSS v3 base score is 9.0 out of 10.