CVE-2026-1707

Source
https://cve.org/CVERecord?id=CVE-2026-1707
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1707.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-1707
Aliases
Published
2026-02-05T18:16:11.180Z
Modified
2026-03-13T04:01:59.190926Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
[none]
Details

pgAdmin versions up to and including 9.11 are affected by a restore restriction bypass via key disclosure. The vulnerability occurs when pgAdmin runs in server mode and performs restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the \restrict key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using \unrestrict <key>. This results in reliable command execution on the pgAdmin host during the restore operation.

References

Affected packages

Git / github.com/pgadmin-org/pgadmin4

Affected ranges

Type
GIT
Repo
https://github.com/pgadmin-org/pgadmin4
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.11"
        }
    ]
}

Affected versions

Other
REL-1_0
REL-1_0-BETA1
REL-1_0-BETA2
REL-1_0-BETA3
REL-1_0-BETA4
REL-1_0-RC1
REL-1_1
REL-1_2
REL-1_3
REL-1_4
REL-1_5
REL-1_6
REL-2_0
REL-2_0-RC1
REL-2_0-RC2
REL-2_1
REL-3_0
REL-3_1
REL-3_2
REL-3_3
REL-3_4
REL-3_5
REL-3_6
REL-4_0
REL-4_1
REL-4_10
REL-4_11
REL-4_12
REL-4_13
REL-4_14
REL-4_15
REL-4_16
REL-4_17
REL-4_18
REL-4_19
REL-4_2
REL-4_20
REL-4_21
REL-4_22
REL-4_23
REL-4_24
REL-4_25
REL-4_26
REL-4_27
REL-4_28
REL-4_29
REL-4_3
REL-4_30
REL-4_4
REL-4_5
REL-4_6
REL-4_7
REL-4_8
REL-4_9
REL-5_0
REL-5_1
REL-5_2
REL-5_3
REL-5_4
REL-5_5
REL-5_6
REL-5_7
REL-6_0
REL-6_1
REL-6_10
REL-6_11
REL-6_12
REL-6_13
REL-6_14
REL-6_15
REL-6_16
REL-6_17
REL-6_18
REL-6_19
REL-6_2
REL-6_20
REL-6_21
REL-6_3
REL-6_4
REL-6_5
REL-6_6
REL-6_7
REL-6_8
REL-6_9
REL-7_0
REL-7_1
REL-7_2
REL-7_3
REL-7_4
REL-7_5
REL-7_6
REL-7_7
REL-7_8
REL-8_0
REL-8_1
REL-8_10
REL-8_11
REL-8_12
REL-8_13
REL-8_14
REL-8_2
REL-8_3
REL-8_4
REL-8_5
REL-8_6
REL-8_7
REL-8_8
REL-8_9
REL-9_0
REL-9_1
REL-9_10
REL-9_11
REL-9_2
REL-9_3
REL-9_4
REL-9_5
REL-9_6
REL-9_7
REL-9_8
REL-9_9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1707.json"