CVE-2026-12046
published 2026-06-19CVE-2026-12046: Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/update_connection/// --…
PriorityP266critical9CVSS 3.1
AVNACHPRNUINSCCHIHAH
EPSS
0.71%
49.1th percentile
Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/update_connection/// -- were the only routes in the module missing the @pga_login_required decorator. Both reach a pickle.loads sink on session['gridData'][]['command_obj']: the close endpoint via close_sqleditor_session(), and update_sqleditor_connection via check_transaction_status(). In server mode these endpoints were reachable without any authenticated pgAdmin session.
The defect is a missing-authentication-on-critical-function (CWE-306) wrapper around a deserialization-of-untrusted-data sink (CWE-502). Exploiting it for remote code execution requires the attacker to also forge a server-side session file whose gridData entry contains a malicious pickle payload, which in turn requires both (a) knowledge of pgAdmin's Flask SECRET_KEY (no chain to leak it is described here -- the attacker must already possess it) and (b) write access to pgAdmin's sessions/ directory on the host. Neither precondition is granted by this defect on its own. When those preconditions are met from another channel (misconfigured deployment, prior compromise, leaked configuration), the missing auth gate is the final hop that turns an existing partial compromise into unauthenticated code execution in the pgAdmin process -- and, by extension, on the host under whatever account runs pgAdmin.
Fix is a one-line @pga_login_required decorator on each of the two endpoints, matching the convention used by every other route in the module. The is_authenticated / MFA chain now runs before the trans_id is dereferenced, so an unauthenticated request is rejected before reaching the deserialization path.
The defect is server-mode only. In DESKTOP mode pgAdmin's before_request hook re-authenticates DESKTOP_USER on every request, so no endpoint can be exercised in an unauthenticated state and no auth decorator (or its absence) is meaningful. The accompanying regression tes
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pgadmin.org | pgadmin_4 | >= 6.9 < 9.16 | 9.16 |
Detection & IOCsextracted from sources · hover to see the quote
- →Alert on unauthenticated (no valid session cookie) HTTP DELETE requests to the /sqleditor/close/ endpoint in pgAdmin 4 server mode — this endpoint should require authentication and any unauthenticated hit is a direct indicator of exploitation attempt. ↗
- →Alert on unauthenticated (no valid session cookie) HTTP POST requests to the /sqleditor/initialize/sqleditor/update_connection/ endpoint in pgAdmin 4 server mode — same missing-auth condition as the close endpoint. ↗
- →Monitor for an attacker harvesting a CSRF token via GET /login immediately followed by unauthenticated requests to the two vulnerable sqleditor endpoints — this sequence mirrors the documented attacker path in the regression test. ↗
- →Monitor for unexpected writes or modifications to the pgAdmin sessions/ directory, especially creation of session files containing binary/pickle-serialized data — this is a required precondition for the RCE chain. ↗
- →This vulnerability is server-mode only; DESKTOP mode is not affected. Scope detection rules to pgAdmin deployments running in SERVER mode. ↗
- ·Exploitation requires the attacker to already possess the Flask SECRET_KEY. Without it, the malicious pickle session file cannot be forged. Detections focused solely on the unauthenticated endpoint calls may miss the full chain if the SECRET_KEY is not separately protected. ↗
- ·The vulnerability only affects pgAdmin 4 versions from 6.9 up to (but not including) 9.16. Deployments already on 9.16+ are patched and these detection rules are not needed for those instances. ↗
- ·Network-level mitigation (restricting access to the pgAdmin port to trusted hosts only) reduces exposure but does not patch the root cause; detection rules should still be applied for internal network traffic. ↗
CVSS provenance
nvdv3.19.0CRITICALCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv4.09.5CRITICALCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_redhat9.0HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
pgadmin4: pgAdmin 4: Remote Code Execution due to missing authentication on critical functions
vendor_redhat·2026-06-18·CVSS 9.0
CVE-2026-12046 [HIGH] CWE-306 pgadmin4: pgAdmin 4: Remote Code Execution due to missing authentication on critical functions
pgadmin4: pgAdmin 4: Remote Code Execution due to missing authentication on critical functions
A flaw was found in pgAdmin 4. Critical functions within the SQL Editor blueprint lacked proper authentication, allowing a remote attacker to bypass security controls. When combined with specific preconditions, such as knowledge of the Flask SECRET_KEY and write access to the sessions directory, this vulnerability could enable unauthenticated remote code execution on the server. This issue primarily affects pgAdmin 4 deployments in server mode.
Statement: This is an Important flaw in pgAdmin 4, as it could lead to unauthenticated remote code execution on the server. However, successful exploitation requires an attacker to already possess the Flask SECRET_KEY and have write access to the pgAdmin
GHSA
Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/<trans_id> and POST /sqleditor/initialize/sqleditor/update_connection/<sgid>/<sid>/<did> -- were the only ro
ghsa_unreviewed·2026-06-19
CVE-2026-12046 [CRITICAL] CWE-306 Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/<trans_id> and POST /sqleditor/initialize/sqleditor/update_connection/<sgid>/<sid>/<did> -- were the only ro
Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/update_connection/// -- were the only routes in the module missing the @pga_login_required decorator. Both reach a pickle.loads sink on session['gridData'][]['command_obj']: the close endpoint via close_sqleditor_session(), and update_sqleditor_connection via check_transaction_status(). In server mode these endpoints were reachable without any authenticated pgAdmin session.
The defect is a missing-authentication-on-critical-function (CWE-306) wrapper around a deserialization-of-untrusted-data sink (CWE-502). Exploiting it for remote code execution requires the attacker to also forge a server-side session file whose gridData entry contains a malicious pickle
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-12046 pgadmin4: pgAdmin 4: Remote Code Execution due to missing authentication on critical functions [fedora-all]
bugzilla·2026-06-19
CVE-2026-12046 [HIGH] CVE-2026-12046 pgadmin4: pgAdmin 4: Remote Code Execution due to missing authentication on critical functions [fedora-all]
CVE-2026-12046 pgadmin4: pgAdmin 4: Remote Code Execution due to missing authentication on critical functions [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
FEDORA-2026-c248414214 (pgadmin4-9.16-1.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-c248414214
---
FEDORA-2026-5938be3b09 (pgadmin4-9.16-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-5938be3b09
---
FEDORA-2026-c248414214 has been pushed to the Fedora 44 testing repository.
Soon you'll be able to install the updat
Bugzilla
CVE-2026-12046 pgadmin4: pgAdmin 4: Remote Code Execution due to missing authentication on critical functions
bugzilla·2026-06-19
CVE-2026-12046 [HIGH] CVE-2026-12046 pgadmin4: pgAdmin 4: Remote Code Execution due to missing authentication on critical functions
CVE-2026-12046 pgadmin4: pgAdmin 4: Remote Code Execution due to missing authentication on critical functions
Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/update_connection/// -- were the only routes in the module missing the @pga_login_required decorator. Both reach a pickle.loads sink on session['gridData'][]['command_obj']: the close endpoint via close_sqleditor_session(), and update_sqleditor_connection via check_transaction_status(). In server mode these endpoints were reachable without any authenticated pgAdmin session.
The defect is a missing-authentication-on-critical-function (CWE-306) wrapper around a deserialization-of-untrusted-data sink (CWE-502). Exploiting it for remote code execution
2026-06-19
Published