CVE-2026-1707
Restore Restriction Bypass in pgAdmin 9.11 Enables Remote Code Execution
Publication date: 2026-02-05
Last updated on: 2026-02-26
Assigner: PostgreSQL
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pgadmin | pgadmin_4 | 9.11 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-1707 is a vulnerability in pgAdmin version 9.11 that involves a Restore restriction bypass via key disclosure. When running in server mode and restoring from PLAIN-format dump files, an attacker with access to the pgAdmin web interface can observe an active restore operation and extract the secret '\\restrict' key in real time."}, {'type': 'paragraph', 'content': "Using this key, the attacker can race the restore process by overwriting the restore script with a payload that re-enables meta-commands using '\\unrestrict <key>', which leads to reliable command execution on the pgAdmin host during the restore operation."}, {'type': 'paragraph', 'content': "The root cause is that the secret key used for the 'restrict' option was exposed in the process watcher output during restoration of plain SQL files, allowing unauthorized disclosure."}] [1]
How can this vulnerability impact me? :
This vulnerability allows an attacker with access to the pgAdmin web interface to execute arbitrary commands on the pgAdmin host during a restore operation.
Such command execution can lead to unauthorized control over the server, potentially compromising the confidentiality, integrity, and availability of the system and its data.
Because the attacker can bypass restore restrictions and execute commands, this could result in data breaches, system manipulation, or further exploitation within the environment.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the exposure of a secret key during the restore operation of plain SQL files in pgAdmin4 server mode. Detection would involve monitoring the process watcher output during restore operations to see if the secret key associated with the restrict option is visible.
Since the key is exposed in the process watcher output, you can check running restore operations for any visible secret keys or suspicious command executions related to the restore process.
However, no specific commands or network detection methods are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade pgAdmin to version 9.12 or later, where the secret key used for the restrict option during restore operations is masked in the process watcher output, preventing unauthorized disclosure.
Until the upgrade is applied, restrict access to the pgAdmin web interface to trusted users only, as an attacker with access to the interface can exploit this vulnerability.