PYSEC-2026-1768

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/pgadmin4/PYSEC-2026-1768.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1768
Aliases
Published
2026-07-07T11:45:40.517081Z
Modified
2026-07-07T17:47:18.539789029Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS Calculator
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L CVSS Calculator
Summary
pgAdmin is affected by a multi-factor authentication bypass vulnerability
Details

pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.

References

Affected packages

PyPI / pgadmin4

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.6

Affected versions

4.*
4.20
4.22
4.23
4.24
4.25
4.26
4.27
4.28
4.29
4.30
5.*
5.0
5.1
5.2
5.3
5.4
5.5
5.6
5.7
6.*
6.2
6.3
6.4
6.5
6.6
6.7
6.8
6.9
6.10
6.11
6.12
6.13
6.14
6.15
6.16
6.17
6.18
6.19
6.20
6.21
7.*
7.0
7.1
7.2
7.3
7.4
7.5
7.6
7.7
7.8
8.*
8.0
8.1
8.2
8.3
8.4
8.5

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/pgadmin4/PYSEC-2026-1768.yaml"