CVE-2026-1707

High CVSS: 7.4

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\unrestrict <key>`. This results in reliable command execution on the pgAdmin host during the restore operation.

Vendor

Pgadmin

Product

Pgadmin 4

CWE

NVD-CWE-noinfo

Yayın Tarihi

2026-02-05 18:16:11

Güncelleme

2026-02-26 22:20:45

Source Identifier

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

KEV Date Added

Kategoriler

NVD-CWE-noinfo Pgadmin 4 HIGH Pgadmin 2026

Referanslar

https://github.com/pgadmin-org/pgadmin4/issues/9518

Benzer Kayıtlar

Critical

CVE-2025-13780

pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in serv…

High

CVE-2025-12765

pgAdmin

Critical

CVE-2025-12762

pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in serve…

Medium

CVE-2025-12763

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused…

High

CVE-2025-12764

pgAdmin

High

CVE-2025-9636

pgAdmin