CVE-2026-1707
Unknown Unknown - Not Provided
Restore Restriction Bypass in pgAdmin 9.11 Enables Remote Code Execution

Publication date: 2026-02-05

Last updated on: 2026-02-26

Assigner: PostgreSQL

Description
pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\unrestrict <key>`. This results in reliable command execution on the pgAdmin host during the restore operation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-14
NVD
CVE-2026-1707
EUVD
EUVD-2026-5528
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pgadmin pgadmin_4 9.11
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-1707 is a vulnerability in pgAdmin version 9.11 that involves a Restore restriction bypass via key disclosure. When running in server mode and restoring from PLAIN-format dump files, an attacker with access to the pgAdmin web interface can observe an active restore operation and extract the secret '\\restrict' key in real time."}, {'type': 'paragraph', 'content': "Using this key, the attacker can race the restore process by overwriting the restore script with a payload that re-enables meta-commands using '\\unrestrict <key>', which leads to reliable command execution on the pgAdmin host during the restore operation."}, {'type': 'paragraph', 'content': "The root cause is that the secret key used for the 'restrict' option was exposed in the process watcher output during restoration of plain SQL files, allowing unauthorized disclosure."}] [1]

Impact Analysis

This vulnerability allows an attacker with access to the pgAdmin web interface to execute arbitrary commands on the pgAdmin host during a restore operation.

Such command execution can lead to unauthorized control over the server, potentially compromising the confidentiality, integrity, and availability of the system and its data.

Because the attacker can bypass restore restrictions and execute commands, this could result in data breaches, system manipulation, or further exploitation within the environment.

Compliance Impact

I don't know

Detection Guidance

This vulnerability involves the exposure of a secret key during the restore operation of plain SQL files in pgAdmin4 server mode. Detection would involve monitoring the process watcher output during restore operations to see if the secret key associated with the restrict option is visible.

Since the key is exposed in the process watcher output, you can check running restore operations for any visible secret keys or suspicious command executions related to the restore process.

However, no specific commands or network detection methods are provided in the available resources.

Mitigation Strategies

The immediate mitigation step is to upgrade pgAdmin to version 9.12 or later, where the secret key used for the restrict option during restore operations is masked in the process watcher output, preventing unauthorized disclosure.

Until the upgrade is applied, restrict access to the pgAdmin web interface to trusted users only, as an attacker with access to the interface can exploit this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1707. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart