CVE-2026-12046
Status: Received - Intake
Authentication Bypass in pgAdmin 4 SQL Editor

Publication date: 2026-06-19

Last updated on: 2026-06-19

Assigner: PostgreSQL

Description
Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint, DELETE /sqleditor/close/<trans_id> and POST /sqleditor/initialize/sqleditor/update_connection/<sgid>/<sid>/<did>, were the only routes in the module missing the @pga_login_required decorator. Both reach a pickle.loads sink on session['gridData'][<trans_id>]['command_obj']: the close endpoint via close_sqleditor_session(), and update_sqleditor_connection via check_transaction_status(). In server mode these endpoints were reachable without any authenticated pgAdmin session. The defect is a missing-authentication-on-critical-function (CWE-306) wrapper around a deserialization-of-untrusted-data sink (CWE-502).

Exploiting it for remote code execution requires the attacker to also forge a server-side session file whose gridData entry contains a malicious pickle payload, which in turn requires both (a) knowledge of pgAdmin's Flask SECRET_KEY (no chain to leak it is described here; the attacker must already possess it) and (b) write access to pgAdmin's sessions/ directory on the host. Neither precondition is granted by this defect on its own. When those preconditions are met from another channel (misconfigured deployment, prior compromise, leaked configuration), the missing auth gate is the final hop that turns an existing partial compromise into unauthenticated code execution in the pgAdmin process and, by extension, on the host under whatever account runs pgAdmin.

The fix is a one-line @pga_login_required decorator on each of the two endpoints, matching the convention used by every other route in the module. The is_authenticated / MFA chain now runs before the trans_id is dereferenced, so an unauthenticated request is rejected before reaching the deserialization path.

The defect is server-mode only. In DESKTOP mode pgAdmin's before_request hook re-authenticates DESKTOP_USER on every request, so no endpoint can be exercised in an unauthenticated state and no auth decorator (or its absence) is meaningful. The accompanying regression test mirrors the attacker's path (it harvests an X-pgA-CSRFToken from GET /login and replays it against both endpoints) and self-skips outside server mode for that reason; it is wired into the existing server-mode CI workflow alongside the data-isolation tests. This issue affects pgAdmin 4 from 6.9 before 9.16.
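The control-flow defect described above, as an added example that is not pgAdmin's code: Request, login_required and the two close handlers are hypothetical stand-ins for Flask's request object, pgAdmin's @pga_login_required and the SQL Editor close route, and the pickled object references a harmless module-level function so the run shows that unpickling invokes attacker-chosen callables without carrying a real payload. The only thing being demonstrated is the ordering: the unguarded handler dereferences trans_id and unpickles before any authentication decision, the decorated one never gets there.

```python
"""Missing auth gate in front of a pickle.loads sink (CWE-306 around CWE-502), and the fix.

Added example, not pgAdmin's code. Request, login_required and the two handlers are
hypothetical stand-ins for Flask's request object, pgAdmin's @pga_login_required and the
SQL Editor close route; only the ordering of the auth check and the deserialization matters.
"""
import pickle
from functools import wraps

EXECUTED = []  # records every call made by unpickling (a benign stand-in for code execution)


def record_execution(tag):
    """Module-level callable that a pickle payload can reference by name."""
    EXECUTED.append(tag)
    return tag


class Payload:
    """Unpickling an instance calls record_execution; a real payload names any importable callable."""

    def __reduce__(self):
        return (record_execution, ("command_obj unpickled",))


class Unauthorized(Exception):
    pass


class Request:
    def __init__(self, session, authenticated):
        self.session = session              # server-side session dict (attacker-forged in the described chain)
        self.authenticated = authenticated  # what the login / MFA chain would decide for this request


def login_required(view):
    """Stand-in for @pga_login_required: reject before the view touches any request data."""
    @wraps(view)
    def wrapper(request, *args, **kwargs):
        if not request.authenticated:
            raise Unauthorized("login required")
        return view(request, *args, **kwargs)
    return wrapper


def close_sqleditor_session_vulnerable(request, trans_id):
    # The defect: trans_id is dereferenced and the bytes unpickled with no auth check at all.
    return pickle.loads(request.session["gridData"][trans_id]["command_obj"])


@login_required
def close_sqleditor_session_fixed(request, trans_id):
    # Same body; the decorator runs first, so an unauthenticated request never reaches pickle.loads.
    return pickle.loads(request.session["gridData"][trans_id]["command_obj"])


def forged_session(trans_id):
    """A session whose gridData entry holds attacker-chosen pickle bytes (constructed sample)."""
    return {"gridData": {trans_id: {"command_obj": pickle.dumps(Payload())}}}


def demo(trans_id=123):
    """Drive both handlers with an unauthenticated request carrying a forged session."""
    req = Request(forged_session(trans_id), authenticated=False)

    EXECUTED.clear()
    close_sqleditor_session_vulnerable(req, trans_id)
    ran_in_vulnerable = list(EXECUTED)

    EXECUTED.clear()
    try:
        close_sqleditor_session_fixed(req, trans_id)
        rejected = False
    except Unauthorized:
        rejected = True
    return {
        "vulnerable_executed": ran_in_vulnerable,  # ['command_obj unpickled']
        "fixed_rejected": rejected,                # True
        "fixed_executed": list(EXECUTED),          # []
    }


if __name__ == "__main__":
    print(demo())
```

The forged session here is just a dict; in the real chain it is a file under sessions/ that the attacker can only produce with the SECRET_KEY and write access described above, which is why the decorator is the last hop rather than the whole exploit.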
Meta Information
Published: 2026-06-19
Last Modified: 2026-06-19
Generated: 2026-06-19
AI Q&A: 2026-06-19
CVSS Scores: none recorded on this page
EPSS Scores: not yet evaluated (probability and percentile N/A)
Affected Vendors & Products (2 associated CPEs)
Vendor    Product     Version / Range
pgadmin   pgadmin_4   from 6.9 (inclusive) to 9.16 (exclusive)
pgadmin   pgadmin_4   9.16
The second CPE entry lists 9.16 on its own, which conflicts with the description's affected range (from 6.9 before 9.16) and with 9.16 being the release that carries the fix; treat 9.16 as fixed unless the assigner revises the range.
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
AI Quick Actions
Executive Summary

This vulnerability in pgAdmin 4 involves two endpoints in the SQL Editor module that lacked proper authentication checks. These endpoints, DELETE /sqleditor/close/<trans_id> and POST /sqleditor/initialize/sqleditor/update_connection/<sgid>/<sid>/<did>, were missing the @pga_login_required decorator, allowing unauthenticated access in server mode.

Both endpoints reach a pickle.loads call on the server-side session entry for the requested trans_id, and pickle.loads will execute attacker-chosen code if that entry has been forged. Forging it requires knowledge of pgAdmin's Flask SECRET_KEY and write access to the server's sessions/ directory, neither of which this defect provides on its own.

The vulnerability is a combination of missing authentication (CWE-306) and unsafe deserialization of untrusted data (CWE-502). The fix involves adding the missing authentication decorator to these endpoints, ensuring that unauthenticated requests are rejected before deserialization.

Impact Analysis

If exploited, this vulnerability can lead to unauthenticated remote code execution within the pgAdmin process on the host machine. This means an attacker could execute arbitrary code with the same privileges as the pgAdmin server process.

However, exploitation requires the attacker to already have partial access to the system, including knowledge of the Flask SECRET_KEY and write access to the sessions directory. Thus, this vulnerability acts as a final step that escalates an existing partial compromise into full unauthenticated code execution.

In practical terms, if these preconditions are met (for example, due to misconfiguration or prior compromise), an attacker could gain control over the server running pgAdmin, potentially leading to data breaches, system manipulation, or further attacks.

Detection Guidance

This vulnerability involves unauthenticated access to two specific endpoints in pgAdmin 4's SQL Editor blueprint: DELETE /sqleditor/close/<trans_id> and POST /sqleditor/initialize/sqleditor/update_connection/<sgid>/<sid>/<did>. Detection can focus on monitoring for unauthenticated requests to these endpoints.

A web-server access log records the request line and status, not whether a valid session backed the request, so search for hits on these two routes and correlate the source addresses with login activity and with the contents of the session store. On a patched server an unauthenticated hit is rejected before the trans_id is looked up; on an unpatched one it reaches the handler.

Suggested checks (the log path is an assumption; use the access log of whatever fronts pgAdmin, gunicorn, Apache/mod_wsgi or a reverse proxy):

  • grep -E '"(DELETE /sqleditor/close/|POST /sqleditor/initialize/sqleditor/update_connection/)' /var/log/pgadmin4/access.log
  • To verify the patch, mirror the regression test: fetch GET /login with a cookie jar, take the CSRF token from the page and replay it as X-pgA-CSRFToken on an otherwise unauthenticated request. Do not send an authenticated session cookie on these probes; the point is to confirm the request is refused without one.
      curl -s -c jar -b jar -o /dev/null http://your-pgadmin-server/login
      curl -s -b jar -o /dev/null -w '%{http_code}\n' -X DELETE -H 'X-pgA-CSRFToken: <token from the login page>' http://your-pgadmin-server/sqleditor/close/1
      curl -s -b jar -o /dev/null -w '%{http_code}\n' -X POST -H 'X-pgA-CSRFToken: <token from the login page>' http://your-pgadmin-server/sqleditor/initialize/sqleditor/update_connection/1/1/1
    A fixed server rejects both requests before any session data is touched (a 401 or a redirect to the login page); an unpatched server runs the handler, and what it returns then depends on the session state.

Note that successful exploitation also requires knowledge of the SECRET_KEY and write access to the sessions/ directory, so detection should also include monitoring for unauthorized reads of the configuration (config_local.py, config_system.py or the SECRET_KEY setting wherever it lives) and for unexpected writes to the session storage.
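The log search above, carried through as an added example that is not part of the advisory or of pgAdmin: it scans combined-format access-log lines (the format gunicorn and most reverse proxies can emit; an assumption about your deployment), flags the two routes, and marks hits from addresses with no earlier accepted POST /login as the ones to triage first. SAMPLE_LOG is constructed, not captured from a real server.

```python
"""Scan a combined-format access log for hits on the two CVE-2026-12046 endpoints.

Added example, not part of the advisory or of pgAdmin. Assumes the reverse proxy or
gunicorn in front of pgAdmin writes the common 'combined' log format; SAMPLE_LOG below
is constructed, not captured from a real server.
"""
import re
from collections import defaultdict

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# The two routes named in the advisory; each placeholder is one path segment.
TARGET_ROUTES = (
    ("DELETE", re.compile(r"^/sqleditor/close/[^/?]+/?$")),
    ("POST", re.compile(r"^/sqleditor/initialize/sqleditor/update_connection/[^/?]+/[^/?]+/[^/?]+/?$")),
)


def parse(line):
    m = LOG_LINE.match(line)
    return m.groupdict() if m else None


def is_target(method, path):
    return any(method == m and rx.match(path) for m, rx in TARGET_ROUTES)


def scan(lines):
    """One finding per source IP that hit a target route.

    The access log carries no session cookie, so 'no_prior_login' is a heuristic: the IP
    had no POST /login earlier in the log that the server answered with something other
    than a 4xx/5xx (a failed form submission also gets a 200, so refine against the app log
    if you need certainty). A 2xx on a target route from such an IP is what to triage first
    on an unpatched server; a patched one rejects that request before touching the session.
    """
    logged_in = set()
    findings = defaultdict(lambda: {"hits": 0, "statuses": defaultdict(int), "no_prior_login": 0})
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # not a combined-format line; skip rather than guess
        if rec["method"] == "POST" and rec["path"].split("?", 1)[0] == "/login" and rec["status"][0] not in "45":
            logged_in.add(rec["ip"])
            continue
        if not is_target(rec["method"], rec["path"]):
            continue
        f = findings[rec["ip"]]
        f["hits"] += 1
        f["statuses"][rec["status"]] += 1
        if rec["ip"] not in logged_in:
            f["no_prior_login"] += 1
    return {ip: {"hits": f["hits"], "statuses": dict(f["statuses"]), "no_prior_login": f["no_prior_login"]}
            for ip, f in findings.items()}


# Constructed sample: a logged-in user closing a query tool session, then an unauthenticated
# probe that mirrors the regression test (GET /login for the CSRF token, then both endpoints).
SAMPLE_LOG = [
    '10.0.0.5 - - [19/Jun/2026:10:00:01 +0000] "POST /login?next=/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [19/Jun/2026:10:00:05 +0000] "DELETE /sqleditor/close/17 HTTP/1.1" 200 45 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [19/Jun/2026:10:00:07 +0000] "GET /browser/ HTTP/1.1" 200 8231 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [19/Jun/2026:10:01:00 +0000] "GET /login HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '203.0.113.7 - - [19/Jun/2026:10:01:01 +0000] "DELETE /sqleditor/close/123 HTTP/1.1" 401 63 "-" "curl/8.5.0"',
    '203.0.113.7 - - [19/Jun/2026:10:01:02 +0000] "POST /sqleditor/initialize/sqleditor/update_connection/1/2/3 HTTP/1.1" 401 63 "-" "curl/8.5.0"',
]

if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG).items():
        print(ip, finding)
```

Run it against a real log with `scan(open(path))`; the 401s in the sample are what a patched server produces for the probe, so on an unpatched one the same two lines would show the handler's own status instead, which is the signal to look for.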

Mitigation Strategies

The primary mitigation is to ensure that the two vulnerable endpoints have proper authentication enforced by applying the @pga_login_required decorator, which is the fix included in pgAdmin 4 version 9.16.

Immediate steps include:

  • Upgrade pgAdmin 4 to version 9.16 or later, where the fix is implemented.
  • Restrict access to the pgAdmin server to trusted networks to reduce exposure.
  • Ensure that the Flask SECRET_KEY is kept secret and not exposed.
  • Protect the sessions/ directory on the host to prevent unauthorized write access.
  • Monitor logs for unauthenticated access attempts to the vulnerable endpoints.

If upgrading immediately is not possible, put the instance behind a reverse proxy that authenticates every request itself (SSO or basic auth), or deny the two path prefixes /sqleditor/close/ and /sqleditor/initialize/sqleditor/update_connection/ to all but trusted source ranges. The proxy cannot tell a valid pgAdmin session from a forged one, so it has to gate on its own credentials rather than on the presence of a session cookie.

Compliance Impact

The vulnerability allows unauthenticated remote code execution in the pgAdmin process if an attacker can forge a server-side session file containing malicious pickle payloads. This could lead to unauthorized access and control over the system running pgAdmin.

Such unauthorized access and potential data compromise could negatively impact compliance with standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive data.

However, exploitation requires additional preconditions (knowledge of SECRET_KEY and write access to session files) that are not granted by this vulnerability alone, indicating that this vulnerability acts as a final step in a chain of compromises.
