Security Advisories

Reporting a Security Issue

If you believe you have found a security issue in the design or code of pgAdmin, pgAgent, or the pgAdmin website, please report it privately by email to security (at) pgadmin (dot) org. Please don't use the public issue tracker or the mailing lists for security reports. Note that this address should only be used for reporting suspected vulnerabilities, and not for general security questions.

Known Advisories

The advisories listed below affect pgAdmin 4, with the data sourced from the Open Source Vulnerabilities (OSV) database. We strongly recommend running the latest release, which includes fixes for all of the issues listed.

Last updated 23 Jun 2026, 03:17 UTC.

CVE-2026-7820 Moderate
pgAdmin 4: Improper restriction of excessive authentication attempts

Fixed in: 9.15

Improper restriction of excessive authentication attempts (CWE-307) in pgAdmin 4.

pgAdmin enforces MAX_LOGIN_ATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which security.init_app() registers automatically and which is reachable on every server, never consulted the User.locked field: pgAdmin's User model relied on Flask-Security's UserMixin.is_locked() (which always reports 'not locked') and on Flask-Login's is_active (which checks only the active column, not locked). An attacker who had triggered an account lockout via /authenticate/login could therefore obtain a session by re-submitting valid credentials directly to /login, defeating the brute-force protection for accounts using the INTERNAL authentication source. For the same reason, login attempts via /login are never rate-limited, so an attacker can perform an unbounded online password-guessing attack against INTERNAL accounts regardless of MAX_LOGIN_ATTEMPTS.

Fix overrides User.is_active and User.is_locked() so the locked column is enforced on every authentication path. LDAP, OAuth2, Kerberos, and Webserver users are not reachable by this bypass because they have no local password and are rejected by Flask-Security's LoginForm.validate before the locked check; the lockout itself is also internal-only (the /authenticate/login view filters by auth_source=INTERNAL).

This issue affects pgAdmin 4: before 9.15.

pgAdmin 4 File Manager has symbolic-link path traversal

Fixed in: 9.15

Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager.

check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storage directory pointing outside it and induce pgAdmin to write to any path reachable by the pgAdmin process.

Fix switches the access check to os.path.realpath for both source and destination, and adds an _open_upload_target helper that opens the target with O_NOFOLLOW (mode 0o600) to close the leaf-component TOCTOU between the access check and the open. File mode is hardened from 0o644 to 0o600.
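As an added illustration (not pgAdmin's own code), the two containment checks described above side by side, plus an O_NOFOLLOW open of the kind the fix introduces. The storage layout, file names and function names are constructed for the demo and are hypothetical.

```python
import os
import shutil
import tempfile


def within_storage_weak(storage_dir: str, requested: str) -> bool:
    """Pre-fix style check: os.path.abspath collapses '..' but leaves
    symbolic links unresolved, so a link inside storage_dir that points
    outside it still passes."""
    storage = os.path.abspath(storage_dir)
    target = os.path.abspath(os.path.join(storage_dir, requested))
    return os.path.commonpath([storage, target]) == storage


def within_storage_hardened(storage_dir: str, requested: str) -> bool:
    """os.path.realpath follows every symlink in the path before the
    containment check, so a link escaping the storage directory fails."""
    storage = os.path.realpath(storage_dir)
    target = os.path.realpath(os.path.join(storage_dir, requested))
    return os.path.commonpath([storage, target]) == storage


def open_upload_target(path: str) -> int:
    """Open the leaf with O_NOFOLLOW so a symlink planted between the
    access check and the open (TOCTOU) raises instead of being followed.
    Mode 0o600 keeps the uploaded file private to the pgAdmin user."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW
    return os.open(path, flags, 0o600)


def demo() -> dict:
    """Constructed scenario: a per-user storage directory holding a symlink
    'escape' that points at a file outside it, plus an ordinary upload name.
    Returns each check's verdict and whether O_NOFOLLOW refused the link."""
    root = tempfile.mkdtemp()
    storage = os.path.join(root, "storage", "alice")
    outside = os.path.join(root, "outside.txt")
    os.makedirs(storage)
    open(outside, "w").close()
    link = os.path.join(storage, "escape")
    os.symlink(outside, link)
    refused = False
    try:
        os.close(open_upload_target(link))
    except OSError:  # ELOOP: the leaf component is a symbolic link
        refused = True
    result = {
        "weak_allows_link": within_storage_weak(storage, "escape"),
        "hardened_allows_link": within_storage_hardened(storage, "escape"),
        "hardened_allows_regular": within_storage_hardened(storage, "notes.sql"),
        "nofollow_refused_link": refused,
    }
    shutil.rmtree(root)
    return result
```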

This issue affects pgAdmin 4: before 9.15.

pgAdmin 4 has deserialization of untrusted data in its FileBackedSessionManager

Fixed in: 9.15

Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager.

The session manager performed unsafe deserialization of session-file contents (using Python's standard object-serialization module) before performing any HMAC integrity check. Any file dropped into the sessions directory was deserialized unconditionally. An authenticated user with write access to the sessions directory (whether by misconfiguration or in combination with another path-traversal flaw) could plant a crafted serialized payload to achieve operating-system level remote code execution under the pgAdmin process identity.

Fix prepends a 64-byte hex SHA-256 HMAC over the session body, computed with SECRET_KEY, and verifies it via hmac.compare_digest before any deserialization. An empty SECRET_KEY raises an exception rather than failing an assert, so the check is not stripped when Python runs with -O.
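An added example, not pgAdmin's FileBackedSessionManager code, of the tag-then-verify scheme described above: a hex SHA-256 HMAC keyed with SECRET_KEY is prepended to the serialised body and checked with hmac.compare_digest before anything is deserialised. The SECRET_KEY value, file names and function names are constructed for the example.

```python
import hashlib
import hmac
import os
import pickle
import tempfile

# Constructed stand-in for the application's SECRET_KEY (hypothetical value).
SECRET_KEY = "constructed-example-secret"
TAG_LEN = 64  # a hex SHA-256 digest is 64 characters

def _tag(secret: str, body: bytes) -> bytes:
    # raise rather than assert: asserts vanish under `python -O`
    if not secret:
        raise ValueError("SECRET_KEY must not be empty")
    return hmac.new(secret.encode(), body, hashlib.sha256).hexdigest().encode()

def write_session(path: str, data: dict, secret: str = SECRET_KEY) -> None:
    """Serialise the session and prepend its 64-hex-byte HMAC-SHA256 tag."""
    body = pickle.dumps(data)
    tag = _tag(secret, body)  # computed before the file is touched
    with open(path, "wb") as fh:
        fh.write(tag + body)

def read_session(path: str, secret: str = SECRET_KEY) -> dict:
    """Verify the tag in constant time BEFORE deserialising anything; a
    missing, short or mismatching tag marks the file as untrusted."""
    with open(path, "rb") as fh:
        blob = fh.read()
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    if len(tag) != TAG_LEN or not hmac.compare_digest(tag, _tag(secret, body)):
        raise ValueError("session file failed integrity check")
    return pickle.loads(body)  # only reached for a body this process signed

def rejected(path: str, secret: str = SECRET_KEY) -> bool:
    """Return True if read_session refuses the file."""
    try:
        read_session(path, secret)
    except ValueError:
        return True
    return False

def demo() -> dict:
    """Constructed scenario: a genuine session round-trips, while a file
    dropped into the sessions directory without a tag is refused unread."""
    d = tempfile.mkdtemp()
    good, planted = os.path.join(d, "good"), os.path.join(d, "planted")
    write_session(good, {"user": "alice", "role": "viewer"})
    with open(planted, "wb") as fh:  # serialised body only, no tag
        fh.write(pickle.dumps({"user": "alice", "role": "admin"}))
    return {
        "roundtrip": read_session(good),
        "planted_rejected": rejected(planted),
        "empty_key_rejected": rejected(good, secret=""),
    }
```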

This issue affects pgAdmin 4: before 9.15.

pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities

Fixed in: 9.15

Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints.

User-supplied api_key_file and api_url preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by pointing api_key_file at any path readable by the pgAdmin process, or coerce pgAdmin into making requests to internal targets (e.g. cloud metadata services such as 169.254.169.254) by setting api_url, exploiting the chat path and model-list endpoints.

Fix restricts api_key_file to the user's private storage (server mode) or home directory (desktop mode), enforces a printable-ASCII key shape and a 1024-byte read cap, and gates api_url against a configurable allow-list (config.ALLOWED_LLM_API_URLS) at every entry point.

This issue affects pgAdmin 4: before 9.15.

pgAdmin 4: OS command injection vulnerability in Import/Export query export

Fixed in: 9.15

OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export.

User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject ") TO PROGRAM 'cmd'" to break out of the \copy (...) context and achieve arbitrary command execution on the pgAdmin server, or ") TO '/path'" for arbitrary file write. Additional fields (format, on_error, log_verbosity) were also raw-interpolated and exploitable.

Fix adds a parens-balance parser modeled on psql's strtokx tokenizer, allow-lists format/on_error/log_verbosity, rejects null bytes in the query, and tightens type and gating checks.

This issue affects pgAdmin 4: before 9.15.

SQL injection vulnerability in pgAdmin 4 Maintenance Tool

Fixed in: 9.15

SQL injection vulnerability in pgAdmin 4 Maintenance Tool.

Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) were concatenated directly into the rendered VACUUM/ANALYZE/REINDEX command and passed to psql --command. An authenticated user with the tools_maintenance permission could break out of the option syntax and execute arbitrary SQL on the connected PostgreSQL server. The injected SQL could in turn invoke COPY ... TO PROGRAM to escalate to operating-system command execution on the database host.

Fix introduces server-side allow-listing of all four fields and switches reindex_tablespace from manual quoting to the qtIdent filter.

This issue affects pgAdmin 4: before 9.15.

CVE-2026-7814 Moderate
pgAdmin 4: Stored cross-site scripting (XSS) vulnerability in Browser Tree and Explain Visualizer modules

Fixed in: 9.15

Stored cross-site scripting (XSS) vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules.

User-controlled PostgreSQL object names (database, schema, table, column, etc.) were assigned to DOM elements via innerHTML, allowing crafted object names containing HTML markup to execute attacker-supplied JavaScript in the browser of any pgAdmin user who navigated to or executed EXPLAIN over the malicious object.

Fix replaces innerHTML with textContent.

This issue affects pgAdmin 4: before 9.15.

CVE-2026-7813 Critical
pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules

Fixed in: 9.15

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules.

Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's private servers, server groups, background processes, and debugger function arguments by guessing object IDs.

Additionally, the Shared Servers feature contained multiple issues including credential leakage (passexec_cmd, passfile, SSL keys), privilege escalation via writable passexec_cmd (a shell command executed when establishing the connection) allowing arbitrary command execution in the owner's process context, and owner-data corruption via SQLAlchemy session mutations. Several owner-only fields (passexec_cmd, passexec_expiration, db_res, db_res_type) were writable by non-owners through the API, and additional fields (kerberos_conn, tags, post_connection_sql) lacked per-user persistence so non-owner edits mutated the owner's record.

Fix centralises access control via a new server_access module, scopes all user-owned models with a UserScopedMixin, returns HTTP 410 from connection_manager when access is denied in server mode, suppresses owner-only fields for non-owners across the merge / API response / ServerManager paths, and adds an explicit owner-only write guard. The remediation landed in two pull requests; both are referenced.

This issue affects pgAdmin 4: before 9.15.

CVE-2026-1707 High CVSS 7.4
pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability

Fixed in: 9.12

pgAdmin 9.11 is affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\unrestrict <key>`. This results in reliable command execution on the pgAdmin host during the restore operation.

CVE-2025-13780 Critical CVSS 9.1
pgadmin4 has a Meta-Command Filter Command Execution

Fixed in: 9.11

The PLAIN restore meta-command filter introduced in pgAdmin as part of the fix for CVE-2025-12762 does not detect meta-commands when a SQL file begins with a UTF-8 Byte Order Mark (EF BB BF) or other special byte sequences. The implemented filter uses the function `has_meta_commands()`, which scans raw bytes using a regular expression. The regex does not treat the bytes as ignorable, so meta-commands such as `\\!` remain undetected. When pgAdmin invokes psql with --file, psql strips the bytes and executes the command. This can result in remote command execution during a restore operation.
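The detection gap described above, as an added example that is not pgAdmin's code: the regex, sample dump files and function names are hypothetical reconstructions. The hardened variant discards a leading UTF-8 BOM before scanning, as psql does, so the first line is checked like any other.

```python
import re

# Hypothetical reconstruction of the kind of byte regex the advisory
# describes (a backslash-led command at the start of a line), not
# pgAdmin's actual pattern.
_META_CMD = re.compile(rb"^[ \t]*\\", re.MULTILINE)

UTF8_BOM = b"\xef\xbb\xbf"


def has_meta_commands_naive(raw: bytes) -> bool:
    """Scan the raw bytes as-is. A BOM in front of the first backslash is
    neither whitespace nor a line start, so a meta-command on the first
    line of a BOM-prefixed file is not seen."""
    return _META_CMD.search(raw) is not None


def has_meta_commands(raw: bytes) -> bool:
    """Normalise the way psql reads the file before matching: a leading
    UTF-8 BOM is discarded, so it cannot shield the first line. The
    advisory also mentions other special byte sequences; only the BOM is
    handled here to illustrate the principle."""
    if raw.startswith(UTF8_BOM):
        raw = raw[len(UTF8_BOM):]
    return _META_CMD.search(raw) is not None


# Constructed sample dump files (not taken from the advisory).
SAMPLES = {
    "plain_sql": b"SET client_encoding = 'UTF8';\nCREATE TABLE t (id int);\n",
    "meta_on_line_2": b"SELECT 1;\n\\echo hello\n",
    "bom_then_meta": UTF8_BOM + b"\\echo hello\nSELECT 1;\n",
    "bom_plain_sql": UTF8_BOM + b"SELECT 1;\n",
}


def compare_filters() -> dict:
    """Run both filters over the samples; returns name -> (naive, hardened)."""
    return {
        name: (has_meta_commands_naive(data), has_meta_commands(data))
        for name, data in SAMPLES.items()
    }
```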

CVE-2025-12765 High CVSS 7.5
pgAdmin has vulnerability in LDAP authentication mechanism that allows bypassing TLS certificate verification

Fixed in: 9.10

pgAdmin <= 9.9 is affected by a vulnerability in the LDAP authentication mechanism that allows bypassing TLS certificate verification.

CVE-2025-12764 High CVSS 7.5
pgAdmin is affected by an LDAP injection vulnerability

Fixed in: 9.10

pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters into the username, causing the DC/LDAP server and the client to process an unusually large amount of data (denial of service).

CVE-2025-12763 Medium CVSS 6.8
pgAdmin 4 has command injection vulnerability on Windows systems

Fixed in: 9.10

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input.

CVE-2025-12762 Critical CVSS 9.1
pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode

Fixed in: 9.10

pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.

CVE-2025-9636 High CVSS 7.9
pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability

Fixed in: 9.8

pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation.

CVE-2025-2946 Critical CVSS 9.1
pgAdmin 4 Vulnerable to Cross-Site Scripting (XSS) via Query Result Rendering

Fixed in: 9.2

pgAdmin <= 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability in query result rendering: HTML/JavaScript contained in query results is rendered in the user's browser, so an attacker who controls result data can execute arbitrary HTML/JavaScript there.

CVE-2025-2945 Critical CVSS 9.9
pgAdmin 4 Vulnerable to Remote Code Execution

Fixed in: 9.2

Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules).

The vulnerability affects two POST endpoints: /sqleditor/query_tool/download, where the query_commited parameter, and /cloud/deploy, where the high_availability parameter, is passed unsafely to Python's eval() function, allowing arbitrary code execution.

This issue affects pgAdmin 4: before 9.2.

CVE-2023-1907 High CVSS 8.0
CVE-2024-9014 High CVSS 8.6
OAuth2 client ID and secret exposed through the web browser

Fixed in: 8.12

pgAdmin versions 8.11 and earlier are vulnerable to a security flaw in OAuth2 authentication. This vulnerability allows an attacker to potentially obtain the client ID and secret, leading to unauthorized access to user data.

CVE-2024-4216 High CVSS 7.4
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload

Fixed in: 8.6

pgAdmin <= 8.5 is affected by an XSS vulnerability in the /settings/store API response JSON payload. This vulnerability allows attackers to execute malicious script on the client side.

CVE-2024-4215 Moderate
pgAdmin is affected by a multi-factor authentication bypass vulnerability

Fixed in: 8.6

pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account's username and password to authenticate to the application and perform sensitive actions within it, such as managing files and executing SQL queries, regardless of the account's MFA enrollment status.

CVE-2024-3116 High CVSS 7.4
pgAdmin Remote Code Execution (RCE) vulnerability

Fixed in: 8.5

pgAdmin <= 8.4 is affected by a Remote Code Execution (RCE) vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting pgAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.

CVE-2024-2044 Critical
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user

Fixed in: 8.4

pgAdmin prior to version 8.4 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them and gain code execution.

CVE-2023-5002 Medium CVSS 6.0
pgAdmin failed to properly control the server code

Fixed in: 7.7

A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.7 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.

CVE-2023-0241 Medium CVSS 6.5
pgAdmin 4 vulnerable to directory traversal

Fixed in: 6.19

pgAdmin 4 versions prior to v6.19 contain a directory traversal vulnerability. A user of the product may change another user's settings or alter the database.

CVE-2023-22298 Medium CVSS 6.1
CVE-2022-4223 High CVSS 8.8
pgadmin4 vulnerable to Code Injection

Fixed in: 6.17

The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to properly secure this API, which could allow an unauthenticated user to call it with a path of their choosing, such as a UNC path to a server they control on a Windows machine. This would cause an appropriately named executable in the target path to be executed by the pgAdmin server.

CVE-2022-0959 Medium CVSS 6.5
pgAdmin 4 Path Traversal vulnerability

Fixed in: 6.7

When run in server mode, pgAdmin 4 allows users to store files on the server under individual storage directories. Files such as SQL scripts may be uploaded through the user interface. The URI to which upload requests are made fails to validate the upload path to prevent path traversal techniques being used to store files outside of the storage directory. A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.
