PYSEC-2026-2864

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/pgadmin4/PYSEC-2026-2864.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2864
Aliases
Published
2026-07-13T14:36:34.716318Z
Modified
2026-07-13T16:32:56.086856171Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS Calculator
Summary
pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability
Details

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the \restrict key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using \unrestrict <key>. This results in reliable command execution on the pgAdmin host during the restore operation.

References

Affected packages

PyPI / pgadmin4

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.12

Affected versions

4.*
4.20
4.22
4.23
4.24
4.25
4.26
4.27
4.28
4.29
4.30
5.*
5.0
5.1
5.2
5.3
5.4
5.5
5.6
5.7
6.*
6.2
6.3
6.4
6.5
6.6
6.7
6.8
6.9
6.10
6.11
6.12
6.13
6.14
6.15
6.16
6.17
6.18
6.19
6.20
6.21
7.*
7.0
7.1
7.2
7.3
7.4
7.5
7.6
7.7
7.8
8.*
8.0
8.1
8.2
8.3
8.4
8.5
8.6
8.7
8.8
8.9
8.10
8.11
8.12
8.13
8.14
9.*
9.0
9.1
9.2
9.3
9.4
9.5
9.6
9.7
9.8
9.9
9.10
9.11

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/pgadmin4/PYSEC-2026-2864.yaml"