Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints.
User-supplied apikeyfile and apiurl preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by pointing apikeyfile at any path readable by the pgAdmin process, or coerce pgAdmin into making requests to internal targets (e.g. cloud metadata services such as 169.254.169.254) by setting apiurl, exploiting the chat path and model-list endpoints.
Fix restricts apikeyfile to the user's private storage (server mode) or home directory (desktop mode), enforces a printable-ASCII key shape and a 1024-byte read cap, and gates apiurl against a configurable allow-list (config.ALLOWEDLLMAPIURLS) at every entry point.
This issue affects pgAdmin 4: before 9.15.