CVE-2026-1707
published 2026-02-05
Priority P3 · 43 · medium · 6.3 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS: 0.39% (31.0th percentile)
pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\unrestrict`. This results in reliable command execution on the pgAdmin host during the restore operation.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pgadmin.org | pgadmin_4 | — | — |
| pgadmin | pgadmin_4 | — | — |
GHSA
pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability
ghsa·2026-02-05
CVE-2026-1707 [HIGH] CWE-284 pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability
OSV
pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability
osv·2026-02-05
CVE-2026-1707 [HIGH] pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability
No detection rules found.
No public exploits indexed.