Remote Code Execution and Cross-Site Scripting in pgAdmin 4 Can Be Exploited to Execute Arbitrary Commands and Exfiltrate Database Credentials. Patch Immediately! | CCB Belgium
Created on 2026-06-23 10:07, updated on 2026-06-23 10:07, by Alexandre Dulaunoy
Description
WARNING: Remote Code Execution and Cross-Site Scripting in pgAdmin 4 Can Be Exploited to Execute Arbitrary Commands and Exfiltrate Database Credentials. Patch Immediately! | CCB Belgium
Reference: https://ccb.belgium.be/advisories/warning-remote-code-execution-and-cross-site-scripting-pgadmin-4-can-be-exploited
Published: 22/06/2026
> * Last update: 22/06/2026
> * Affected software: pgAdmin 4 prior to version 9.16
> * Type:
> → CWE-306: Missing Authentication for Critical Function / CWE-502: Deserialization of Untrusted Data
> → CWE-285: Improper Authorization
> → CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-Site Scripting')
> * CVE/CVSS
> → CVE-2026-12048: CVSS 9.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)
> → CVE-2026-12046: CVSS 9.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
> → CVE-2026-12045: CVSS 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Sources
pgAdmin - https://www.pgadmin.org/docs/pgadmin4/9.16/release_notes_9_16.html
Risks
pgAdmin 4 is the leading open-source graphical administration and management tool for PostgreSQL databases, widely used by database administrators in both server and desktop deployments.
If exploited, these vulnerabilities could allow attackers to execute arbitrary commands on the underlying server, gain unauthorized access to the database management interface without valid credentials, or inject malicious scripts that steal saved database credentials and issue SQL queries against every connected server. Successful exploitation may result in unauthorized access to sensitive database information (Confidentiality), unauthorized modification or deletion of database content (Integrity), or disruption of database management services (Availability).
Description
CVE-2026-12048 is a stored cross-site scripting vulnerability where PostgreSQL server error text and Explain plan-node content were passed unsanitized through html-react-parser across multiple UI components, including notifier toasts, form errors, modal alerts, and the Explain visualiser. Because pgAdmin's default Content-Security-Policy allows inline scripts, injected JavaScript runs same-origin to the victim's authenticated session and can read every saved server connection credential and issue arbitrary SQL against every server the victim is connected to.
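The XSS described above is only as damaging as it is because the policy served with the UI tolerates inline script. The following checker is an added example (not pgAdmin code, and the sample policies in it are constructed rather than copied from pgAdmin's configuration) that parses a Content-Security-Policy header value, resolves the effective script-src (falling back to default-src as browsers do) and reports whether inline scripts would be allowed. A nonce or hash source is treated as overriding 'unsafe-inline', which is how CSP level 2 and later browsers behave.

```python
"""Determine whether a Content-Security-Policy value permits inline scripts.

Added example: the policy strings passed to it in the usage section are
constructed for illustration and are not pgAdmin's actual default policy.
"""

HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(policy: str) -> dict:
    """Parse a CSP header value into {directive_name: [source, ...]}.

    Directives are ';'-separated; the first token is the directive name and
    the remaining tokens are its source expressions. Repeated directives are
    merged (browsers actually ignore repeats, but merging keeps the audit
    conservative).
    """
    directives = {}
    for part in policy.split(";"):
        tokens = part.strip().split()
        if not tokens:
            continue
        name, sources = tokens[0].lower(), tokens[1:]
        directives.setdefault(name, []).extend(sources)
    return directives


def effective_script_sources(directives: dict) -> list:
    """script-src governs inline script; when absent, default-src applies."""
    if "script-src" in directives:
        return directives["script-src"]
    return directives.get("default-src", [])


def allows_inline_scripts(policy: str) -> bool:
    """True when an injected <script> or inline handler would execute.

    An empty policy (or one with neither script-src nor default-src) places
    no restriction on scripts at all, so it is reported as allowing inline
    execution.
    """
    sources = [s.lower() for s in effective_script_sources(parse_csp(policy))]
    if not sources:
        return True
    if "'unsafe-inline'" not in sources:
        return False
    # With a nonce or hash source present, compliant browsers ignore
    # 'unsafe-inline', so inline script without that nonce/hash is blocked.
    has_nonce_or_hash = any(s.startswith(HASH_PREFIXES) for s in sources)
    return not has_nonce_or_hash


if __name__ == "__main__":
    # Constructed sample policies for illustration.
    for sample in (
        "default-src 'self' 'unsafe-inline'",
        "default-src 'self' 'unsafe-inline'; script-src 'self'",
        "script-src 'self' 'unsafe-inline' 'nonce-r4nd0m'",
    ):
        print(f"{sample!r}: inline scripts allowed = {allows_inline_scripts(sample)}")
```

Run it against the CSP value your own deployment actually sends (for example, read from the response headers of the login page) rather than the constructed samples; a result of True means a stored XSS of the kind in CVE-2026-12048 would run with the user's session.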
CVE-2026-12046 affects two SQL Editor endpoints (close and update_connection) that were missing the authentication decorator (@pga_login_required) in server mode. This made the endpoints reachable by unauthenticated attackers and exposed a pickle deserialization sink, enabling remote code execution without prior authentication.
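The root cause here is a per-view decorator that was simply not applied, which is the kind of omission an automated audit of the route table catches. The following is an added example, not pgAdmin's code: it models a minimal route registry with a stand-in `pga_login_required` decorator (the name is borrowed from the advisory; the implementation is hypothetical), registers one handler with and one without it, and provides `unprotected_routes()` to list every registered view that lacks the authentication marker. The hardened handler also parses its body as JSON against an allowlist of fields instead of unpickling it, which removes the deserialization sink the advisory mentions.

```python
"""Audit a route registry for views missing the login decorator.

Added example. `pga_login_required` below is a stand-in that only models the
behaviour of an authentication decorator (reject requests with no user);
the paths are constructed after the endpoints named in the advisory.
"""
import functools
import json

ROUTES = {}


def pga_login_required(view):
    """Reject unauthenticated requests and mark the view as protected."""
    @functools.wraps(view)
    def wrapper(request, *args, **kwargs):
        if not request.get("user"):
            return 401, {"error": "login required"}
        return view(request, *args, **kwargs)
    wrapper.requires_login = True  # marker the audit looks for
    return wrapper


def route(path):
    """Register a view under a path (outermost decorator, so it sees wrappers)."""
    def register(view):
        ROUTES[path] = view
        return view
    return register


@route("/sqleditor/close")  # constructed path
def close_connection(request):
    # Defect modelled here: no @pga_login_required, so anyone can reach it.
    body = json.loads(request.get("body", "{}"))
    return 200, {"closed": body.get("conn_id")}


@route("/sqleditor/update_connection")  # constructed path
@pga_login_required
def update_connection(request):
    # Hardened: authenticated, and the body is JSON checked against an
    # allowlist of fields rather than an arbitrary serialized object.
    body = json.loads(request.get("body", "{}"))
    allowed = {"conn_id", "database"}
    if set(body) - allowed:
        return 400, {"error": "unexpected fields"}
    return 200, {"updated": body.get("conn_id")}


def unprotected_routes(routes=None):
    """Return the paths whose view does not carry the login marker."""
    routes = ROUTES if routes is None else routes
    return sorted(p for p, v in routes.items()
                  if not getattr(v, "requires_login", False))


def dispatch(path, request, routes=None):
    """Call the view registered for `path` with a dict-shaped request."""
    routes = ROUTES if routes is None else routes
    return routes[path](request)


if __name__ == "__main__":
    print("routes missing auth:", unprotected_routes())
    print(dispatch("/sqleditor/update_connection", {"body": "{}"}))
```

In a real deployment the same audit runs over the framework's own URL map (for Flask, `app.url_map` and `app.view_functions`) and fails the build when any view in an authenticated blueprint lacks the marker; the point is that the check is mechanical and does not depend on a reviewer noticing one missing line.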
CVE-2026-12045 affects the AI Assistant feature. A read-only transaction bypass allowed prompt-injected multi-statement payloads to commit write operations outside the READ ONLY transaction wrapper. On superuser database connections, this flaw chains to remote code execution via the “COPY ... TO PROGRAM” PostgreSQL command.
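A READ ONLY transaction wrapper only constrains statements that execute inside it; text containing several statements can end that transaction and continue outside it. The following is an added example, not pgAdmin's code, of the server-side guard a defender would put in front of such a feature: a statement splitter that respects single-quoted strings, double-quoted identifiers, dollar quoting and both comment styles, and a `check_read_only()` gate that accepts exactly one statement whose leading keyword is read-only. The allowlist of keywords is an assumption for illustration and is defence in depth; the single-statement rule is what keeps the database's own READ ONLY enforcement effective.

```python
"""Reject multi-statement input before it reaches a READ ONLY transaction.

Added example. READ_ONLY_ALLOWED is an illustrative allowlist; the sample
SQL strings in the usage section are constructed.
"""
import re

# Matches the opening of a PostgreSQL dollar quote: $$ or $tag$.
DOLLAR = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)?\$")
READ_ONLY_ALLOWED = {"SELECT", "WITH", "EXPLAIN", "SHOW", "VALUES", "TABLE"}


def split_statements(sql: str) -> list:
    """Split SQL on top-level ';' only, keeping quoted text intact."""
    stmts, buf, i, n = [], [], 0, len(sql)
    while i < n:
        c = sql[i]
        if c in ("'", '"'):
            # Quoted string/identifier; a doubled quote is an escape.
            j = sql.find(c, i + 1)
            while j != -1 and sql[j + 1:j + 2] == c:
                j = sql.find(c, j + 2)
            j = n if j == -1 else j
            buf.append(sql[i:j + 1])
            i = j + 1
            continue
        if c == "$":
            m = DOLLAR.match(sql, i)
            if m:
                tag = m.group(0)
                j = sql.find(tag, m.end())
                j = n if j == -1 else j + len(tag)
                buf.append(sql[i:j])
                i = j
                continue
        if sql.startswith("--", i):            # line comment: drop it
            j = sql.find("\n", i)
            i = n if j == -1 else j
            continue
        if sql.startswith("/*", i):            # block comment: drop it
            j = sql.find("*/", i + 2)
            i = n if j == -1 else j + 2
            continue
        if c == ";":
            s = "".join(buf).strip()
            if s:
                stmts.append(s)
            buf = []
            i += 1
            continue
        buf.append(c)
        i += 1
    s = "".join(buf).strip()
    if s:
        stmts.append(s)
    return stmts


def first_keyword(stmt: str) -> str:
    m = re.match(r"\s*([A-Za-z_]+)", stmt)
    return m.group(1).upper() if m else ""


def check_read_only(sql: str) -> tuple:
    """Return (ok, reason). Only one statement may run inside the wrapper,
    so no second statement can COMMIT and continue outside it."""
    stmts = split_statements(sql)
    if len(stmts) != 1:
        return False, f"expected 1 statement, got {len(stmts)}"
    kw = first_keyword(stmts[0])
    if kw not in READ_ONLY_ALLOWED:
        return False, f"statement type {kw or '?'} not allowed"
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs for illustration.
    for sample in ("SELECT count(*) FROM t",
                   "SELECT 1; COMMIT; UPDATE t SET x = 1",
                   "SELECT $$a;b$$ -- trailing comment;"):
        print(f"{sample!r}: {check_read_only(sample)}")
```

Note that a keyword allowlist alone is not sufficient: a data-modifying CTE still starts with WITH, and `EXPLAIN ANALYZE` executes its statement. Those cases are stopped by the database's READ ONLY transaction, which is exactly why the guard must ensure the whole input stays inside that transaction. Running the assistant's connection as a non-superuser role removes the `COPY ... TO PROGRAM` escalation path regardless of what the guard does.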
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
References
NVD - https://nvd.nist.gov/vuln/detail/CVE-2026-12048
NVD - https://nvd.nist.gov/vuln/detail/CVE-2026-12045
NVD - https://nvd.nist.gov/vuln/detail/CVE-2026-12046
Vulnerabilities included in this bundle
Combined detection rules
Detection rules are retrieved from Rulezet.
Combined sightings