CVE-2026-1707
published 2026-02-05

Priority: P3 · 43 · medium · 6.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS: 0.39% (31.0th percentile)

pgAdmin versions 9.11 are affected by a restore restriction bypass via key disclosure. The vulnerability occurs when pgAdmin runs in server mode and performs restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\unrestrict`. This results in reliable command execution on the pgAdmin host during the restore operation.

Affected (2 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pgadmin.org | pgadmin_4 | | |
| pgadmin | pgadmin_4 | | |