CVE-2026-7817
Analyzed Analyzed - Analysis Complete
Local File Inclusion and SSRF in pgAdmin 4 LLM API

Publication date: 2026-05-11

Last updated on: 2026-05-26

Assigner: PostgreSQL

Description
Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied api_key_file and api_url preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by pointing api_key_file at any path readable by the pgAdmin process, or coerce pgAdmin into making requests to internal targets (e.g. cloud metadata services such as 169.254.169.254) by setting api_url, exploiting the chat path and model-list endpoints. Fix restricts api_key_file to the user's private storage (server mode) or home directory (desktop mode), enforces a printable-ASCII key shape and a 1024-byte read cap, and gates api_url against a configurable allow-list (config.ALLOWED_LLM_API_URLS) at every entry point. This issue affects pgAdmin 4: before 9.15.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-11
Last Modified
2026-05-26
Generated
2026-06-21
AI Q&A
2026-05-11
EPSS Evaluated
2026-06-19
NVD
CVE-2026-7817
EUVD
EUVD-2026-29085
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pgadmin pgadmin_4 From 9.13 (inc) to 9.15 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-552 The product makes files or directories accessible to unauthorized actors, even though they should not be.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7817 is a vulnerability in pgAdmin 4 versions 9.13 to 9.14 involving local file inclusion (LFI) and server-side request forgery (SSRF) in the LLM API configuration endpoints.

The issue occurs because user-supplied preferences for `api_key_file` and `api_url` are passed to LLM provider clients without proper validation.

An authenticated attacker could exploit this by specifying a malicious `api_key_file` path to read arbitrary server-side files or by manipulating `api_url` to coerce pgAdmin into making requests to internal targets, such as cloud metadata services.

The vulnerability affects the chat path and model-list endpoints.

The fix implemented in version 9.15 restricts `api_key_file` to the user's private storage or home directory, enforces a printable-ASCII key format with a 1024-byte read limit, and validates `api_url` against a configurable allow-list.

Impact Analysis

This vulnerability can allow an authenticated attacker to read arbitrary files on the server running pgAdmin 4 by exploiting the local file inclusion flaw.

Additionally, the attacker can force pgAdmin to make unauthorized requests to internal network targets, such as cloud metadata services, through the server-side request forgery flaw.

These impacts could lead to exposure of sensitive information stored on the server or within internal network services, potentially compromising system security.

Detection Guidance

Detection of this vulnerability involves checking if your pgAdmin 4 instance is running a vulnerable version (9.13 to 9.14) and if the LLM API configuration endpoints are accessible to authenticated users.

You can attempt to detect exploitation attempts by monitoring requests to the chat path and model-list endpoints that include unusual or suspicious values for the api_key_file or api_url parameters.

For example, you might use network monitoring or web server logs to identify requests with parameters pointing to sensitive file paths or internal IP addresses such as 169.254.169.254.

Specific commands depend on your environment, but here are some general suggestions:

  • Use grep or similar tools on web server logs to find suspicious requests: grep -i 'api_key_file' /var/log/pgadmin4/access.log
  • Monitor network traffic for requests to internal IPs from pgAdmin 4: tcpdump -i any host 169.254.169.254
  • Check the pgAdmin 4 version to confirm if it is vulnerable: pgadmin4 --version or check the installed package version.
Mitigation Strategies

The immediate mitigation step is to upgrade pgAdmin 4 to version 9.15 or later, where the vulnerability has been fixed.

The fix includes restricting the api_key_file parameter to the user's private storage or home directory, enforcing a printable-ASCII key format with a 1024-byte read cap, and validating api_url against a configurable allow-list.

If upgrading immediately is not possible, restrict access to the LLM API configuration endpoints to trusted users only and monitor for suspicious activity as a temporary measure.

Compliance Impact

The provided information does not specify how CVE-2026-7817 impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7817. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart