These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-12050 is a SQL injection vulnerability in pgAdmin 4's named restore point endpoint. The issue allows an authenticated pgAdmin user with a connected PostgreSQL session to inject additional SQL statements. However, the injected SQL executes under the database role the user is already authenticated as, meaning the attacker gains no capability beyond what their database role already grants them.
An open redirect vulnerability was found in pgAdmin 4's multi-factor authentication flow. The MFA validate and register endpoints honored the user-supplied 'next' query/form parameter without confirming the target pointed back inside pgAdmin. This could allow an authenticated victim who clicked a link typically delivered by phishing to be sent to an attacker-controlled host directly out of the trusted auth flow.
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-19T00:16:47.200Z and has not been modified since then. The NVD entry is currently Analyzed. This stored cross-site scripting vulnerability in pgAdmin 4's error-rendering and plan-node-rendering paths allows an attacker to inject arbitrary HTML, potentially leading to phishing attacks. The vulnerabil [truncated]
An HTML injection vulnerability was discovered in pgAdmin 4's cloud deployment module. The issue arises from the lack of HTML encoding in exception text from AWS, Azure, and Google SDKs, which is then rendered as HTML by the Cloud Wizard frontend. This allows an authenticated user to inject HTML, potentially leading to self-targeted attacks or, with additional cross-site request-forgery primitives, attack [truncated]
A critical vulnerability was discovered in pgAdmin 4's SQL Editor blueprint, specifically in the DELETE /sqleditor/close/<trans_id> and POST /sqleditor/initialize/sqleditor/update_connection/<sgid>/<sid>/<did> endpoints. These endpoints were missing the @pga_login_required decorator, making them accessible without authentication in server mode. This vulnerability, a missing-authentication-on-critical-func [truncated]
A critical vulnerability (CVE-2026-12045) in pgAdmin 4's AI Assistant allows an attacker with write privileges on the pgAdmin user's role to execute arbitrary SQL, potentially leading to remote code execution on the database server host. The issue arises from the AI Assistant's execute_sql_query tool, which fails to restrict multi-statement payloads, enabling an attacker to bypass read-only transactions. [truncated]
CVE-2026-12044 is a SQL injection vulnerability in pgAdmin 4, a popular administration tool for PostgreSQL databases. The vulnerability affects versions from 1.0 before 9.16 and allows an authenticated user to inject arbitrary SQL code. The issue arises from the improper handling of user-supplied description fields in various dialog templates, including Domains, Foreign Tables, Languages, and Event Trigge [truncated]
pgAdmin 4 versions prior to 9.15 contain an authentication bypass vulnerability in the account lockout mechanism. The application enforces MAX_LOGIN_ATTEMPTS only within its custom /authenticate/login view, while Flask-Security's default /login view—automatically registered and reachable on every server—fails to consult the User.locked field. This occurs because pgAdmin's User model relied on Flask-Securi [truncated]
A symbolic-link path traversal vulnerability in pgAdmin 4's File Manager allows authenticated users to write files to arbitrary locations on the server filesystem. The root cause is a mismatch between access validation and file operations: `check_access_permission` uses `os.path.abspath`, which normalizes parent-directory references but does not resolve symbolic links, while the subsequent kernel write fo [truncated]
pgAdmin 4 versions before 9.15 contain a deserialization vulnerability in the FileBackedSessionManager component. The session manager performed unsafe deserialization of session file contents using Python's standard pickle module before verifying HMAC integrity. This allowed any file placed in the sessions directory to be deserialized unconditionally. An authenticated user with write access to the session [truncated]
CVE-2026-7817 documents Local File Inclusion (LFI) and Server-Side Request Forgery (SSRF) vulnerabilities in pgAdmin 4's LLM API configuration endpoints. The issue stems from insufficient validation of user-supplied `api_key_file` and `api_url` preferences, which were passed directly to LLM provider clients without sanitization. An authenticated attacker could exploit this to read arbitrary files readable [truncated]
CVE-2026-7816 is a high-severity OS command injection vulnerability (CWE-78) in pgAdmin 4's Import/Export query export functionality, published 2026-05-11 and last modified 2026-05-26. The vulnerability exists because user-supplied input was interpolated directly into a psql `COPY` metacommand template without proper sanitization. An authenticated attacker could inject `) TO PROGRAM 'cmd'` to break out of [truncated]
A SQL injection vulnerability in pgAdmin 4's Maintenance Tool allows authenticated users with tools_maintenance permission to execute arbitrary SQL on connected PostgreSQL servers. Four JSON parameters (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) were concatenated directly into VACUUM/ANALYZE/REINDEX commands without proper sanitization. Attackers can break out of option [truncated]
A stored cross-site scripting (XSS) vulnerability in pgAdmin 4 allows attacker-controlled JavaScript execution via malicious PostgreSQL object names. The vulnerability exists in the Browser Tree and Explain Visualizer modules, where user-controlled object names (database, schema, table, column, etc.) were assigned to DOM elements using innerHTML. Crafted object names containing HTML markup can execute Jav [truncated]
pgAdmin 4 server mode contains multiple authorization flaws allowing authenticated users to access and modify other users' private resources. Affected modules include Server Groups, Servers, Shared Servers, Background Processes, and Debugger. The core issue is missing user-scoped filtering on object retrieval endpoints, enabling ID-guessing attacks to access private servers, server groups, background proc [truncated]