In a major security overhaul, pgAdmin, the most widely used open-source administration tool for PostgreSQL, has released version 9.15 to address a cluster of dangerous vulnerabilities. The fixes range from authorization bypasses reachable by any logged-in user to full operating-system command execution, making this a must-patch release for database administrators worldwide.
The most severe flaw in the lineup is CVE-2026-7813 (CVSS 9.4). In server mode, multiple endpoints fetched user-owned objects by ID without filtering on the requesting user's identity, so any authenticated user could read other users' private server definitions, background processes, and debugger arguments simply by guessing object IDs.
Even more alarming was a flaw in the Shared Servers feature that enabled privilege escalation. Attackers could write to the passexec_cmd field—a shell command executed during connection establishment—allowing them to run arbitrary commands in the context of the server owner.
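To make the two access-control failures concrete, here is an added example in Python (not pgAdmin's code) that models a user-owned Server record with a shared flag and a passexec_cmd field; the field names, the sample data and the rule that sharing grants read but not write access are assumptions for illustration. The vulnerable loader keys only on the object ID; the hardened loader routes every read and write through one central check, and the serialiser redacts passexec_cmd for anyone but the owner.

```python
"""Ownership checks for user-owned objects (added example, not pgAdmin code).

Models the IDOR and Shared Servers problems with a tiny in-memory store. The
field names (owner_id, shared, passexec_cmd) and the sample rows are assumed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List


class Forbidden(Exception):
    """Raised for both 'not found' and 'not yours' so IDs cannot be enumerated."""


@dataclass
class Server:
    id: int
    owner_id: int
    name: str
    shared: bool = False        # visible to other users when True
    passexec_cmd: str = ""      # shell command run on connect; owner-only data


# Constructed sample data: alice (10) owns 1 and shares 3, bob (20) owns 2.
SERVERS: Dict[int, Server] = {
    1: Server(1, 10, "alice-prod", passexec_cmd="cat /home/alice/.pgpass"),
    2: Server(2, 20, "bob-dev"),
    3: Server(3, 10, "alice-shared", shared=True, passexec_cmd="vault read pg/alice"),
}


# --- vulnerable: the requester's identity never reaches the lookup ----------
def load_server_vulnerable(server_id: int, user_id: int, for_write: bool = False) -> Server:
    server = SERVERS.get(server_id)
    if server is None:
        raise Forbidden(f"server {server_id} not found")
    return server


# --- hardened: one central access-control function used by every endpoint --
def can_read(server: Server, user_id: int) -> bool:
    return server.owner_id == user_id or server.shared


def can_write(server: Server, user_id: int) -> bool:
    # Sharing grants read access only; a field that is executed in the owner's
    # context (passexec_cmd) must stay writable by the owner alone.
    return server.owner_id == user_id


def load_server(server_id: int, user_id: int, for_write: bool = False) -> Server:
    server = SERVERS.get(server_id)
    allowed = can_write if for_write else can_read
    if server is None or not allowed(server, user_id):
        raise Forbidden(f"server {server_id} not found")
    return server


Loader = Callable[[int, int, bool], Server]


def view(server: Server, user_id: int) -> dict:
    """Serialise for the API; owner-only fields are redacted for sharees."""
    data = {"id": server.id, "name": server.name, "shared": server.shared}
    if server.owner_id == user_id:
        data["passexec_cmd"] = server.passexec_cmd
    return data


def set_passexec_cmd(loader: Loader, server_id: int, user_id: int, cmd: str) -> bool:
    """Endpoint-style write through the given loader; True if it went through."""
    try:
        loader(server_id, user_id, True).passexec_cmd = cmd
        return True
    except Forbidden:
        return False


def enumerate_ids(loader: Loader, user_id: int, id_range: range) -> List[int]:
    """What an ID-guessing attacker sees through a given loader."""
    visible = []
    for sid in id_range:
        try:
            loader(sid, user_id, False)
            visible.append(sid)
        except Forbidden:
            pass
    return visible
```

Two design points carry over to real code: the ownership predicate lives in one place and every endpoint calls it (a missed call site is then a grep away), and the error for "not yours" is indistinguishable from "does not exist", so the fix also closes the enumeration side channel.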
Two separate vulnerabilities provided a direct path from SQL queries to full system takeover:
- Export Tool Exploitation (CVE-2026-7816): User input was interpolated raw into a psql \copy template. An attacker could inject ") TO PROGRAM 'cmd'" to close the column list and redirect the \copy target to a program; because \copy is a client-side psql command, that program runs on the pgAdmin server rather than on the database host.
- Maintenance Tool SQL Injection (CVE-2026-7815): Four JSON fields in the Maintenance Tool were concatenated directly into VACUUM and ANALYZE commands. Any user of the tool could therefore run arbitrary SQL on the connected database and, where the connected role has superuser or pg_execute_server_program rights, OS commands on the database host via the server-side COPY … TO PROGRAM primitive.
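The following is an added example in Python (not pgAdmin's code) showing the two string-building bugs side by side: a \copy template and a VACUUM template built by concatenation, the same templates built with PostgreSQL identifier and literal quoting plus an option allow-list, and a small quote-aware scan that reveals whether an injected TO PROGRAM ever lands outside a quoted span. The exact templates, the option names accepted, and the attacker strings are assumptions for illustration.

```python
"""Command-builder injection in \\copy and VACUUM (added example, not pgAdmin code).

quote_ident()/quote_literal() follow PostgreSQL's quoting rules; the templates
and the VACUUM option allow-list are assumptions made for this illustration.
"""
from typing import Dict, List


def quote_ident(name: str) -> str:
    """Double-quote an identifier, doubling embedded double quotes."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'


def quote_literal(value: str) -> str:
    """Single-quote a string literal, doubling embedded single quotes."""
    if "\x00" in value:
        raise ValueError("NUL byte in literal")
    return "'" + value.replace("'", "''") + "'"


# ---- Export Tool: psql \copy -------------------------------------------------
def build_copy_vulnerable(schema: str, table: str, columns: List[str], path: str) -> str:
    # Raw interpolation: a column such as "id) TO PROGRAM 'cmd' --" rewrites the target.
    return f"\\copy {schema}.{table} ({', '.join(columns)}) TO '{path}' CSV"


def build_copy_safe(schema: str, table: str, columns: List[str], path: str) -> str:
    if not columns:
        raise ValueError("at least one column required")
    cols = ", ".join(quote_ident(c) for c in columns)
    target = f"{quote_ident(schema)}.{quote_ident(table)}"
    return f"\\copy {target} ({cols}) TO {quote_literal(path)} CSV"


# ---- Maintenance Tool: VACUUM ------------------------------------------------
VACUUM_OPTIONS = ("FULL", "FREEZE", "VERBOSE", "ANALYZE")   # allow-listed boolean options


def build_vacuum_vulnerable(schema: str, table: str, options: Dict[str, str]) -> str:
    # Option strings and object names arrive in JSON and are concatenated as-is.
    flags = " ".join(options.values())
    return f"VACUUM {flags} {schema}.{table};"


def build_vacuum_safe(schema: str, table: str, options: Dict[str, bool]) -> str:
    unknown = set(options) - {o.lower() for o in VACUUM_OPTIONS}
    if unknown:
        raise ValueError(f"unknown VACUUM options: {sorted(unknown)}")
    flags = [opt for opt in VACUUM_OPTIONS if options.get(opt.lower()) is True]
    clause = f" ({', '.join(flags)})" if flags else ""
    return f"VACUUM{clause} {quote_ident(schema)}.{quote_ident(table)};"


# ---- quote-aware scan used to check the results ------------------------------
def strip_quoted(sql: str) -> str:
    """Blank out the contents of '...' and "..." spans (doubled quotes are escapes)."""
    out, i, n = [], 0, len(sql)
    while i < n:
        ch = sql[i]
        if ch in ("'", '"'):
            i += 1
            while i < n:
                if sql[i] == ch:
                    if i + 1 < n and sql[i + 1] == ch:
                        i += 2          # escaped quote inside the span
                        continue
                    break
                i += 1
            i += 1                      # step past the closing quote
            out.append(ch + ch)         # leave an empty span as a marker
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def unquoted_program(sql: str) -> bool:
    """True when the keyword PROGRAM appears outside every quoted span."""
    return "PROGRAM" in strip_quoted(sql).upper()


# Constructed attacker inputs; the trailing "--" is the attacker's attempt to
# comment out whatever the template appends after the injected fragment.
EVIL_COLUMN = "id) TO PROGRAM 'touch /tmp/pwned' --"
EVIL_TABLE = "t; COPY (SELECT 1) TO PROGRAM 'touch /tmp/pwned'; --"
```

Quoting turns the attacker's text back into data (an oddly named column or table that does not exist), and the allow-list means option keywords never originate from the request at all; that combination is what "strict allow-listing for SQL commands" buys you. Prefer server-side parameter binding wherever the statement supports it; VACUUM and psql meta-commands do not, which is why the identifier quoting above is needed.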
The security sweep also closed several doors that were left ajar for credential theft:
- CVE-2026-7820: While pgAdmin’s main login page enforced a maximum attempt limit, a default Flask-Security /login endpoint remained reachable and completely ignored account lockouts. This allowed attackers to perform unbounded online password guessing against internal accounts.
- CVE-2026-7818: The session manager was performing unsafe deserialization of session files before checking their integrity. If an attacker could drop a crafted file into the sessions directory, they could achieve remote code execution (RCE).
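For the lockout bypass (CVE-2026-7820 above), here is an added example in Python (not pgAdmin's or Flask-Security's code) that simulates two credential-accepting routes, one gated by an account lockout and one framework default that is not, runs the same wordlist against both, and includes the audit helper that would have flagged the stray route. The route paths, attempt limit and credential store are assumptions for illustration.

```python
"""One lockout gate for every credential-accepting route (added example, not
pgAdmin or Flask-Security code). Paths, limit and user store are assumed."""
from typing import Callable, Dict, List, Tuple

MAX_ATTEMPTS = 3

# Constructed credential store (plaintext only to keep the example short).
USERS = {"admin": "correct horse battery staple"}


def check_password(user: str, password: str) -> bool:
    return USERS.get(user) == password


class Lockout:
    """Counts consecutive failures per account; locks at MAX_ATTEMPTS."""

    def __init__(self, max_attempts: int = MAX_ATTEMPTS) -> None:
        self.max_attempts = max_attempts
        self.failures: Dict[str, int] = {}

    def is_locked(self, user: str) -> bool:
        return self.failures.get(user, 0) >= self.max_attempts

    def record(self, user: str, ok: bool) -> None:
        if ok:
            self.failures.pop(user, None)
        else:
            self.failures[user] = self.failures.get(user, 0) + 1


Handler = Callable[[Lockout, str, str], str]


def gated(authenticate: Callable[[str, str], bool]) -> Handler:
    """Wrap an authenticator so the lockout is consulted and updated on every call."""
    def handler(lock: Lockout, user: str, password: str) -> str:
        if lock.is_locked(user):
            return "locked"
        ok = authenticate(user, password)
        lock.record(user, ok)
        return "ok" if ok else "bad"
    handler.lockout_gated = True  # type: ignore[attr-defined]
    return handler


def raw(authenticate: Callable[[str, str], bool]) -> Handler:
    """A framework-default handler that never looks at the lockout state."""
    def handler(lock: Lockout, user: str, password: str) -> str:
        return "ok" if authenticate(user, password) else "bad"
    handler.lockout_gated = False  # type: ignore[attr-defined]
    return handler


# Before the fix: the application's own route is gated, the framework default is not.
ROUTES_VULNERABLE: Dict[str, Handler] = {
    "/authenticate/login": gated(check_password),
    "/login": raw(check_password),
}

# After the fix: every route that accepts credentials goes through the same gate.
ROUTES_FIXED: Dict[str, Handler] = {
    "/authenticate/login": gated(check_password),
    "/login": gated(check_password),
}


def ungated_login_routes(routes: Dict[str, Handler]) -> List[str]:
    """Audit helper: routes that accept credentials without the lockout gate."""
    return sorted(p for p, h in routes.items() if not getattr(h, "lockout_gated", False))


def online_guess(routes: Dict[str, Handler], path: str, user: str,
                 candidates: List[str]) -> Tuple[int, bool]:
    """Simulate password guessing; return (attempts the route accepted, success)."""
    lock = Lockout()
    accepted = 0
    for candidate in candidates:
        result = routes[path](lock, user, candidate)
        if result == "locked":
            break
        accepted += 1
        if result == "ok":
            return accepted, True
    return accepted, False


# Constructed wordlist: ten wrong guesses, then the real password.
WORDLIST = [f"password{i}" for i in range(10)] + ["correct horse battery staple"]
```

The point of ungated_login_routes is that the gate is a property of the route table, not of one view function: a framework that registers its own /login behind your back shows up in the audit, and a test that asserts the list is empty fails the build before an attacker finds the route. In production the counter should be shared across workers (a database or cache, not process memory) and paired with per-source throttling so that locking accounts cannot itself be used to deny service.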
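For the session-file issue (CVE-2026-7818 above), here is an added example in Python (not pgAdmin's code) of the order-of-operations bug and its fix: both loaders carry the same HMAC check, but the vulnerable one hands the bytes to pickle before the check can reject them. The file layout (a 32-byte HMAC-SHA256 tag followed by the pickled payload), the key and the session contents are assumptions for illustration; the planted file is hand-assembled pickle opcodes that call os.mkdir, so "attacker code ran" is observable as a directory appearing.

```python
"""Verify-then-deserialize for on-disk session files (added example, not pgAdmin
code). File layout, key and session contents are assumptions for illustration."""
import hashlib
import hmac
import os
import pickle
import tempfile
from typing import Any

SECRET_KEY = b"constructed-secret-key-do-not-reuse"
TAG_LEN = hashlib.sha256().digest_size  # 32


def _tag(payload: bytes) -> bytes:
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()


def store_session(path: str, data: dict) -> None:
    payload = pickle.dumps(data)
    with open(path, "wb") as fh:
        fh.write(_tag(payload) + payload)


def load_session_vulnerable(path: str) -> Any:
    with open(path, "rb") as fh:
        blob = fh.read()
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    data = pickle.loads(payload)                     # bug: untrusted bytes reach pickle
    if not hmac.compare_digest(tag, _tag(payload)):  # before the check can reject them
        raise ValueError("session integrity check failed")
    return data


def load_session_safe(path: str) -> Any:
    with open(path, "rb") as fh:
        blob = fh.read()
    if len(blob) < TAG_LEN:
        raise ValueError("session file too short")
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(payload)):
        raise ValueError("session integrity check failed")
    return pickle.loads(payload)                     # only bytes we produced get here


def forged_payload(marker_dir: str) -> bytes:
    """Protocol-0 pickle that calls os.mkdir(marker_dir) when loaded.

    Opcodes: GLOBAL os.mkdir, MARK, UNICODE marker_dir, TUPLE, REDUCE, STOP.
    Written by hand to show the attacker needs neither the key nor any pgAdmin code.
    """
    encoded = marker_dir.encode("raw_unicode_escape").replace(b"\\", b"\\u005c")
    return b"cos\nmkdir\n(V" + encoded + b"\ntR."


def demo() -> dict:
    """Plant a legitimate and a forged session file and load each both ways."""
    results: dict = {}
    with tempfile.TemporaryDirectory() as sessions_dir:
        good = os.path.join(sessions_dir, "session-good")
        forged = os.path.join(sessions_dir, "session-forged")
        marker = os.path.join(sessions_dir, "pwned")   # exists only if attacker code ran
        store_session(good, {"user_id": 10})
        with open(forged, "wb") as fh:                  # garbage tag: no key needed
            fh.write(b"\x00" * TAG_LEN + forged_payload(marker))

        results["good_vulnerable"] = load_session_vulnerable(good)
        results["good_safe"] = load_session_safe(good)
        for name, loader in (("vulnerable", load_session_vulnerable),
                             ("safe", load_session_safe)):
            try:
                loader(forged)
                results[f"forged_{name}_rejected"] = False
            except ValueError:
                results[f"forged_{name}_rejected"] = True
            results[f"forged_{name}_executed"] = os.path.isdir(marker)
            if os.path.isdir(marker):
                os.rmdir(marker)
    return results
```

Both loaders reject the forged file; only the order differs, and the vulnerable one has already run the attacker's callable by the time it does. Verifying first is the minimum fix; the stronger one is to store sessions in a data-only format such as JSON so that no code path can execute on load even if the key leaks.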
Modern features weren't immune to traditional bugs. CVE-2026-7817 affected the new LLM API configuration: because the api_key_file and api_url preferences weren't validated, a user could point api_key_file at arbitrary server-side files and have their contents read, or point api_url at internal targets such as cloud metadata endpoints so that pgAdmin made the request on their behalf (SSRF).
Additionally, CVE-2026-7819 addressed a symbolic-link path traversal flaw in the File Manager. Authenticated users could plant symlinks to “trick” pgAdmin into writing files outside of their designated storage directory.
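The api_key_file case (CVE-2026-7817) and the File Manager symlink case (CVE-2026-7819) share one control, confining a user-supplied path to a storage directory after resolving symlinks, while api_url needs an outbound-URL check. The added example below, in Python and not pgAdmin's code, implements both and exercises the path check against planted symlinks. The policy choices are assumptions for illustration: user paths are relative to a per-user storage directory, and api_url must be https and name a host on an allow-list.

```python
"""Confining user-supplied paths and outbound URLs (added example, not pgAdmin
code). Storage-relative paths and the https/allow-list policy are assumed."""
import ipaddress
import os
import tempfile
from typing import Dict, FrozenSet, Optional
from urllib.parse import urlsplit

ALLOWED_API_HOSTS = frozenset({"llm.example.com"})   # constructed allow-list


def resolve_inside(base_dir: str, user_path: str) -> str:
    """Real path for user_path under base_dir, or PermissionError if it escapes.

    realpath() follows symlinks in every component, including a planted leaf
    symlink, so the check is made where the read or write would really land.
    """
    if not user_path or os.path.isabs(user_path) or "\x00" in user_path:
        raise PermissionError("empty, absolute or NUL-containing path")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise PermissionError(f"{user_path!r} escapes the storage directory")
    return candidate


def _open_confined(base_dir: str, user_path: str, flags: int) -> int:
    # O_NOFOLLOW refuses a leaf symlink swapped in between the check and the open.
    target = resolve_inside(base_dir, user_path)
    return os.open(target, flags | getattr(os, "O_NOFOLLOW", 0), 0o600)


def write_confined(base_dir: str, user_path: str, data: bytes) -> None:
    fd = _open_confined(base_dir, user_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def read_confined(base_dir: str, user_path: str) -> bytes:
    with os.fdopen(_open_confined(base_dir, user_path, os.O_RDONLY), "rb") as fh:
        return fh.read()


def api_url_problem(url: str, allowed_hosts: FrozenSet[str]) -> Optional[str]:
    """Why url is unacceptable for an outbound LLM call, or None if it is fine."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return "scheme must be https"
    if parts.username or parts.password:
        return "credentials embedded in URL"
    host = parts.hostname
    if not host:
        return "no host"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None                                   # a hostname, not a literal
    if ip is not None:
        if ip.version == 6 and ip.ipv4_mapped:      # [::ffff:169.254.169.254]
            ip = ip.ipv4_mapped
        if not ip.is_global:                        # loopback, private, link-local, ...
            return f"non-public address {host}"
    if host.lower() not in allowed_hosts:           # also stops names resolving internally
        return f"host {host} not on allow-list"
    return None


def demo_paths() -> Dict[str, str]:
    """Plant symlinks in a storage directory and see what the confinement allows."""
    out: Dict[str, str] = {}
    with tempfile.TemporaryDirectory() as tmp:
        storage = os.path.join(tmp, "storage")
        os.mkdir(storage)
        outside = os.path.join(tmp, "outside.txt")
        with open(outside, "w") as fh:
            fh.write("not yours")
        os.symlink(outside, os.path.join(storage, "link.txt"))   # planted leaf link
        os.symlink(tmp, os.path.join(storage, "updir"))          # planted directory link
        write_confined(storage, "notes.txt", b"hello")
        out["notes.txt"] = read_confined(storage, "notes.txt").decode()
        for name in ("link.txt", "updir/outside.txt", "../outside.txt", "/etc/passwd"):
            try:
                write_confined(storage, name, b"overwritten")
                out[name] = "allowed"
            except PermissionError:
                out[name] = "rejected"
        with open(outside) as fh:
            out["outside_intact"] = fh.read()
    return out
```

Two caveats a reviewer would raise: a string check on the path (rejecting "..") is not enough, because the escape here is a symlink whose name looks harmless, so resolve first and compare real paths; and a literal-IP check on api_url is not enough, because a hostname can resolve to 169.254.169.254 at request time, so either allow-list hosts or resolve, check every address, and connect to the checked address.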
The pgAdmin team has implemented robust fixes for these issues, including a new centralized access control module and strict allow-listing for SQL commands.
- Affected Versions: All versions of pgAdmin 4 prior to 9.15.
- Required Action: Upgrade immediately to pgAdmin 4 v9.15.