Pgadmin Pgadmin_4

8 CVEs affecting Pgadmin Pgadmin_4. Latest disclosed: 2026-05-11. Critical: 1, High: 4.

Top CVEs affecting Pgadmin Pgadmin_4
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-7813 | Critical | 9.9 | 2026-05-11 | Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple en… |
| CVE-2026-7816 | High | 8.8 | 2026-05-11 | OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacomma… |
| CVE-2026-7815 | High | 8.8 | 2026-05-11 | SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_… |
| CVE-2026-7819 | High | 8.1 | 2026-05-11 | Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolv… |
| CVE-2026-7818 | High | 7.0 | 2026-05-11 | Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file conten… |
| CVE-2026-7820 | Medium | 6.5 | 2026-05-11 | Improper restriction of excessive authentication attempts (CWE-307) in pgAdmin 4. pgAdmin enforces MAX_LOGIN_ATTEMPTS only inside its custom /authenticate/log… |
| CVE-2026-7817 | Medium | 6.5 | 2026-05-11 | Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied api_key_file and… |
| CVE-2026-7814 | Medium | 4.8 | 2026-05-11 | Stored cross-site scripting (XSS) vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names (database, s… |