Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-12046— pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution

CVSS 9.0 · Critical EPSS 0.71% · P49

Affected Version Matrix 1

VendorProductVersion RangeStatus
pgadmin.orgpgAdmin 46.9< 9.16affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-12046

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution
Source: NVD (National Vulnerability Database)
Vulnerability Description
Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/<trans_id> and POST /sqleditor/initialize/sqleditor/update_connection/<sgid>/<sid>/<did> -- were the only routes in the module missing the @pga_login_required decorator. Both reach a pickle.loads sink on session['gridData'][<trans_id>]['command_obj']: the close endpoint via close_sqleditor_session(), and update_sqleditor_connection via check_transaction_status(). In server mode these endpoints were reachable without any authenticated pgAdmin session. The defect is a missing-authentication-on-critical-function (CWE-306) wrapper around a deserialization-of-untrusted-data sink (CWE-502). Exploiting it for remote code execution requires the attacker to also forge a server-side session file whose gridData entry contains a malicious pickle payload, which in turn requires both (a) knowledge of pgAdmin's Flask SECRET_KEY (no chain to leak it is described here -- the attacker must already possess it) and (b) write access to pgAdmin's sessions/ directory on the host. Neither precondition is granted by this defect on its own. When those preconditions are met from another channel (misconfigured deployment, prior compromise, leaked configuration), the missing auth gate is the final hop that turns an existing partial compromise into unauthenticated code execution in the pgAdmin process -- and, by extension, on the host under whatever account runs pgAdmin. Fix is a one-line @pga_login_required decorator on each of the two endpoints, matching the convention used by every other route in the module. The is_authenticated / MFA chain now runs before the trans_id is dereferenced, so an unauthenticated request is rejected before reaching the deserialization path. The defect is server-mode only. In DESKTOP mode pgAdmin's before_request hook re-authenticates DESKTOP_USER on every request, so no endpoint can be exercised in an unauthenticated state and no auth decorator (or its absence) is meaningful. The accompanying regression test mirrors the attacker's path -- harvests an X-pgA-CSRFToken from GET /login and replays it against both endpoints -- and self-skips outside server mode for that reason; it is wired into the existing server-mode CI workflow alongside the data-isolation tests. This issue affects pgAdmin 4: from 6.9 before 9.16.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
关键功能的认证机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
pgadmin 4 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
pgadmin 4是pgAdmin组织开源的一款数据库管理工具。 pgAdmin 4 6.9版本至9.16之前版本存在安全漏洞,该漏洞源于SQL Editor蓝图中的两个端点缺少身份验证装饰器,导致未经身份验证的攻击者可以访问会话数据中的未信任数据反序列化点,可能通过伪造服务器端会话文件实现远程代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
pgadmin.orgpgAdmin 4 6.9 ~ 9.16 -

II. Public POCs for CVE-2026-12046

#POC DescriptionSource LinkShenlong Link
AI-Generated POCVerified env Premium
Qwen3.6-35B-A3B · 8050 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month

III. Intelligence Information for CVE-2026-12046

登录查看更多情报信息。

Patches & Fixes for CVE-2026-12046 (1)

Vendor Advisories for CVE-2026-12046 (1)

Same Patch Batch · pgadmin.org · 2026-06-18 · 7 CVEs total

CVE-2026-120489.3 CRITICALpgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-p
CVE-2026-120459.0 CRITICALpgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote
CVE-2026-120448.8 HIGHpgAdmin 4: SQL injection in COMMENT ON ... IS '<description>' rendering across dialog temp
CVE-2026-120494.3 MEDIUMpgAdmin 4: Open redirect in multi-factor authentication flow via unvalidated 'next' parame
CVE-2026-120504.3 MEDIUMpgAdmin 4: SQL injection in named restore point endpoint
CVE-2026-120473.5 LOWpgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised S

IV. Related Vulnerabilities

V. Comments for CVE-2026-12046

No comments yet


Leave a comment