CVE-2026-46645
Status: Deferred - Pending Action

SQLAdmin Admin Interface Access Bypass via ajax_lookup

Vulnerability report for CVE-2026-46645, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: GitHub, Inc.

Description

SQLAdmin is a flexible Admin interface for SQLAlchemy models. Prior to version 0.25.1, the ajax_lookup endpoint in application.py skips the is_accessible() access control check that all other endpoints enforce. If a developer restricts access to a model by overriding is_accessible() on its ModelView, an authenticated user can still query that model's data through the ajax_lookup endpoint, silently bypassing the restriction. This issue has been patched in version 0.25.1.

Meta Information

Published: 2026-06-10
Last Modified: 2026-06-10
Generated: 2026-07-01
AI Q&A: 2026-06-11
EPSS Evaluated: 2026-06-30

Affected Vendors & Products

1 associated CPE
Vendor: sqladmin
Product: sqladmin
Version / Range: all versions before 0.25.1 (0.25.1 itself is not affected)

Exploitability

CWE: CWE-862 (Missing Authorization) - The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
KEV: no entry shown on this page.

AI Quick Actions (AI-generated analysis)

Executive Summary

The vulnerability exists in SQLAdmin versions prior to 0.25.1, specifically in the ajax_lookup endpoint within application.py. This endpoint bypasses the is_accessible() access control check that other endpoints enforce. As a result, if a developer restricts access to certain models by overriding is_accessible(), an authenticated user can still query data from those models through the ajax_lookup endpoint without restriction.

Impact Analysis

This vulnerability allows authenticated users to silently bypass access control restrictions on certain data models. Consequently, users may gain unauthorized read access to sensitive data that should have been restricted, potentially leading to data exposure.

Mitigation Strategies

To mitigate this vulnerability, upgrade SQLAdmin to version 0.25.1 or later, where the ajax_lookup endpoint properly enforces the is_accessible() access control check.

Compliance Impact

This vulnerability allows authenticated users to bypass access control restrictions and query data models that should be restricted. Such unauthorized data access could lead to exposure of sensitive personal or protected health information.

As a result, organizations using affected versions of SQLAdmin may face challenges in maintaining compliance with data protection regulations like GDPR and HIPAA, which require strict access controls to protect personal and health information.

Detection Guidance

This is an authorization bypass, not an authentication bypass: the ajax_lookup endpoint still sits behind the admin's login check, but it skips the per-model is_accessible() check. A test that only sends unauthenticated requests therefore does not exercise the bug. The session used for testing must be authenticated and must belong to a user whom is_accessible() denies for the target model.

To check a running deployment:

  • Pick a ModelView whose is_accessible() returns False for the test user and note its identity (the slug used in that view's URLs, e.g. the {identity} in /admin/{identity}/list).
  • Confirm the restriction is enforced on an ordinary endpoint: with the test user's session cookie, request /admin/{identity}/list and expect 403 Forbidden. A 302 redirect to the login page means the session is not authenticated, and the result says nothing about this CVE.
  • With the same session, request the lookup endpoint. The name parameter must be a relationship that the view lists in form_ajax_refs; the cookie name depends on your AuthenticationBackend (Starlette's SessionMiddleware defaults to session):
  • curl -i -b 'session=...' 'http://yourserver/admin/{identity}/ajax/lookup?name={field}&term=a'
  • If the response is 200 OK with a JSON body (a results list, empty or not), the endpoint ran a query against a model the user may not access: the instance is vulnerable.
  • If the response is 403 Forbidden, is_accessible() is enforced on ajax_lookup and the instance is patched.
  • An unauthenticated request (no cookie) should still be redirected to the login page (302) or rejected. That only confirms the authentication backend is configured; it is not the check for this CVE.

Additionally, check the installed version with pip show sqladmin; versions prior to 0.25.1 are vulnerable.
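The procedure above as a runnable script, added here as an example; it is not SQLAdmin's code and not part of the original report. It uses only the standard library and does not follow redirects, so a 302 to the login page stays visible. The mount point /admin, the model identity "user", the form_ajax_refs field name "owner", the cookie value, and the expectation that a denied list view answers 403 while a successful lookup answers a JSON object with a results list are all assumptions for the illustration, not facts from the advisory; adjust them to your deployment.

```python
"""Added detection check for CVE-2026-46645 (example code, not SQLAdmin's own).

Assumed values (not taken from the advisory):
  BASE_URL       admin mounted at /admin
  IDENTITY       URL slug of a model whose is_accessible() denies the test user
  FIELD          a relationship listed in that view's form_ajax_refs
  SESSION_COOKIE cookie of an authenticated user who is denied by is_accessible()
"""
import json
import urllib.error
import urllib.parse
import urllib.request
from dataclasses import dataclass
from typing import Optional

BASE_URL = "http://localhost:8000/admin"   # assumed mount point
IDENTITY = "user"                          # assumed restricted model identity
FIELD = "owner"                            # assumed form_ajax_refs key
SESSION_COOKIE = "session=REPLACE_ME"      # assumed cookie name; depends on your auth backend
REDIRECTS = (301, 302, 303, 307, 308)


@dataclass
class Probe:
    """Status code and body of one HTTP response."""
    status: int
    body: str


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse to follow redirects so a 302 to the login page is reported as-is."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch(url: str, cookie: Optional[str]) -> Probe:
    """GET url with an optional Cookie header; any HTTP status is returned, never raised."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    if cookie:
        req.add_header("Cookie", cookie)
    opener = urllib.request.build_opener(NoRedirect())
    try:
        with opener.open(req, timeout=10) as resp:
            return Probe(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return Probe(err.code, err.read().decode("utf-8", "replace"))


def _is_lookup_json(body: str) -> bool:
    """True if body looks like a lookup answer: a JSON object with a results list (assumed shape)."""
    try:
        data = json.loads(body)
    except ValueError:
        return False
    return isinstance(data, dict) and isinstance(data.get("results"), list)


def classify(list_probe: Probe, lookup_probe: Probe) -> str:
    """Decide whether ajax_lookup enforces is_accessible().

    list_probe:   response to /admin/{identity}/list with the restricted session.
    lookup_probe: response to /admin/{identity}/ajax/lookup?name=..&term=.. with the same session.
    The list view is the control: it must deny (403) or the session does not
    exercise the restriction and no conclusion about this CVE is possible.
    """
    if list_probe.status in REDIRECTS or list_probe.status == 401:
        return "inconclusive: session is not authenticated (fix the cookie first)"
    if list_probe.status != 403:
        return "inconclusive: is_accessible() does not deny this session on the list view"
    if lookup_probe.status == 403:
        return "patched: ajax_lookup enforces is_accessible()"
    if lookup_probe.status == 200 and _is_lookup_json(lookup_probe.body):
        return "vulnerable: ajax_lookup answered a query on a model the session may not access"
    return f"inconclusive: unexpected ajax_lookup status {lookup_probe.status}"


def run(base_url: str = BASE_URL, identity: str = IDENTITY,
        field: str = FIELD, cookie: str = SESSION_COOKIE) -> str:
    """Probe the control endpoint and the lookup endpoint with one session; return the verdict."""
    list_url = f"{base_url}/{identity}/list"
    query = urllib.parse.urlencode({"name": field, "term": "a"})
    lookup_url = f"{base_url}/{identity}/ajax/lookup?{query}"
    return classify(fetch(list_url, cookie), fetch(lookup_url, cookie))


if __name__ == "__main__":
    print(run())
```

The control request matters: without first proving that the same session is denied on the list view, a 200 from the lookup endpoint could simply mean the user is allowed, and a 302 could mean the cookie is wrong. Only the 403-then-200 pair is evidence of the bug.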
