CVE-2026-7819
Path Traversal via Symbolic Link in pgAdmin 4

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: PostgreSQL

Description
Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storage directory pointing outside it and induce pgAdmin to write to any path reachable by the pgAdmin process. Fix switches the access check to os.path.realpath for both source and destination, and adds an _open_upload_target helper that opens the target with O_NOFOLLOW (mode 0o600) to close the leaf-component TOCTOU between the access check and the open. File mode is hardened from 0o644 to 0o600. This issue affects pgAdmin 4: before 9.15.
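As an added illustration (not pgAdmin's own code), the block below reconstructs the checks described above: a containment check built on os.path.abspath that a symlink planted inside the storage directory slips past, the os.path.realpath replacement that rejects it, and an _open_upload_target-style open with O_NOFOLLOW and mode 0o600 that refuses a symlink at the leaf component. The function names, the temporary directory layout and the demo() harness are assumptions made for this example.

```python
import errno
import os
import tempfile


def _contained(base: str, target: str) -> bool:
    """True when target equals base or lies strictly below it."""
    return target == base or target.startswith(base + os.sep)


def check_access_permission_abspath(storage_dir: str, rel_path: str) -> bool:
    """Pre-9.15 style check (reconstruction): abspath collapses '..' but
    leaves symbolic links unresolved, so a link under storage_dir passes."""
    base = os.path.abspath(storage_dir)
    return _contained(base, os.path.abspath(os.path.join(base, rel_path)))


def check_access_permission_realpath(storage_dir: str, rel_path: str) -> bool:
    """9.15 style check: realpath follows every symlink component first."""
    base = os.path.realpath(storage_dir)
    return _contained(base, os.path.realpath(os.path.join(base, rel_path)))


def _open_upload_target(path: str) -> int:
    """Open for writing without following a symlink at the leaf (O_NOFOLLOW,
    mode 0o600), closing the window between the check and the open."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW
    return os.open(path, flags, 0o600)


def demo() -> dict:
    """Constructed scenario: a storage dir containing symlinks to a sibling dir."""
    with tempfile.TemporaryDirectory() as root:
        storage, outside = os.path.join(root, "storage"), os.path.join(root, "outside")
        os.makedirs(storage)
        os.makedirs(outside)
        os.symlink(outside, os.path.join(storage, "link"))  # directory link out
        rel = os.path.join("link", "upload.txt")
        result = {
            "abspath_allows": check_access_permission_abspath(storage, rel),
            "realpath_allows": check_access_permission_realpath(storage, rel),
        }
        # Leaf-level link: a file name inside storage that points outside.
        leaf = os.path.join(storage, "leaf.txt")
        os.symlink(os.path.join(outside, "victim.txt"), leaf)
        try:
            os.close(_open_upload_target(leaf))
            result["nofollow_rejected"] = False
        except OSError as exc:  # ELOOP on Linux/macOS, EMLINK on some BSDs
            result["nofollow_rejected"] = exc.errno in (errno.ELOOP, errno.EMLINK)
        return result
```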
Affected Vendors & Products
Vendor    Product     Version / Range
pgadmin   pgadmin_4   up to 9.15 (9.15 excluded)
CWE ID Description
CWE-61 The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-7819 is a vulnerability in pgAdmin 4's File Manager that allows an authenticated user to perform arbitrary file writes through symbolic-link path traversal.

The issue occurs because the function check_access_permission uses os.path.abspath, which resolves relative paths but does not resolve symbolic links, while the kernel write operation follows symbolic links.

An attacker can create a symbolic link inside their storage directory pointing outside it, causing pgAdmin to write files to any path accessible by the pgAdmin process.

The vulnerability affects all versions of pgAdmin 4 before version 9.15.

The fix involves switching the access check to os.path.realpath for both source and destination paths, adding an _open_upload_target helper to open targets with O_NOFOLLOW to prevent time-of-check to time-of-use (TOCTOU) issues, and hardening the file mode from 0o644 to 0o600.


How can this vulnerability impact me?

This vulnerability can allow an authenticated user to write files to arbitrary locations on the system where pgAdmin runs.

Such arbitrary file writes can lead to unauthorized modification or replacement of files, potentially resulting in privilege escalation, data corruption, or disruption of the pgAdmin service.

Because the attacker can write files outside their own storage directory, they might compromise system integrity or security depending on the permissions of the pgAdmin process.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves symbolic-link path traversal in pgAdmin 4's File Manager, where an authenticated user can create symbolic links to induce arbitrary file writes. Detection involves checking for the presence of symbolic links within user storage directories that point outside their allowed paths.

You can detect suspicious symbolic links by scanning the storage directories used by pgAdmin 4 for symlinks pointing outside the intended directory. For example, on a Unix-like system, you can use the following command to find symbolic links and check their targets:

  • find /path/to/pgadmin/storage -type l -exec ls -l {} \;

This command lists all symbolic links under the storage directory and their targets. Review the output for links pointing outside the allowed directory.

Additionally, monitoring file write operations by pgAdmin 4 processes to unexpected locations could help detect exploitation attempts, but specific commands for this are not provided in the available resources.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability immediately, upgrade pgAdmin 4 to version 9.15 or later, where the issue has been fixed.

The fix includes switching the access check to use os.path.realpath for both source and destination paths, adding an _open_upload_target helper that opens files with O_NOFOLLOW to prevent symbolic link following, and hardening file permissions from 0o644 to 0o600.

If upgrading immediately is not possible, restrict authenticated users' ability to create symbolic links in their storage directories and monitor for suspicious symlink creation.

