CVE-2026-7817
Published 2026-05-11
CVE-2026-7817: Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints.
Priority P3 44 · medium 6.5 (CVSS 3.1)
CVSS 3.1 vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.22% (12.1th percentile)
Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints.
User-supplied api_key_file and api_url preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by pointing api_key_file at any path readable by the pgAdmin process, or coerce pgAdmin into making requests to internal targets (e.g. cloud metadata services such as 169.254.169.254) by setting api_url, exploiting the chat path and model-list endpoints.
The fix restricts api_key_file to the user's private storage (server mode) or home directory (desktop mode), enforces a printable-ASCII key shape and a 1024-byte read cap, and gates api_url against a configurable allow-list (config.ALLOWED_LLM_API_URLS) at every entry point.
This issue affects pgAdmin 4: before 9.15.
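The three checks the fix describes, as an added illustration that is not pgAdmin's own code: containment of api_key_file inside a per-user base directory, the 1024-byte cap plus printable-ASCII shape check, and origin-based allow-listing of api_url. The base directory, the allow-list contents and exact-origin matching are assumptions; the advisory does not show pgAdmin's matching rule.

```python
import os
import string
from urllib.parse import urlsplit

# Constructed allow-list standing in for config.ALLOWED_LLM_API_URLS (assumed shape).
ALLOWED_LLM_API_URLS = ["https://api.openai.com", "http://llm.internal.example:8080"]
MAX_KEY_BYTES = 1024
PRINTABLE = set(string.printable) - set(string.whitespace)

def resolve_key_path(api_key_file, base_dir):
    """Absolute path of api_key_file if it stays inside base_dir, else None. realpath
    resolves '..' and symlinks before the check, so links pointing elsewhere fail too."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, api_key_file))
    return target if os.path.commonpath([base, target]) == base else None

def parse_api_key(raw, max_bytes=MAX_KEY_BYTES):
    """Key text if raw is <= max_bytes of non-empty printable ASCII, else None."""
    if len(raw) > max_bytes:
        return None
    key = raw.decode("ascii", "replace").strip()  # non-ASCII -> U+FFFD, not printable
    return key if key and all(ch in PRINTABLE for ch in key) else None

def read_api_key(api_key_file, base_dir):
    """Path-contained, size-capped, shape-checked read of the user's key file."""
    path = resolve_key_path(api_key_file, base_dir)
    if path is None:
        raise ValueError("api_key_file is outside the permitted directory")
    with open(path, "rb") as fh:
        raw = fh.read(MAX_KEY_BYTES + 1)  # one extra byte exposes an oversize file
    key = parse_api_key(raw)
    if key is None:
        raise ValueError("api key must be at most 1024 bytes of printable ASCII")
    return key

def _origin(url):
    """scheme://host[:port] for an absolute http(s) URL, else None."""
    try:
        p = urlsplit(url)
        if p.scheme not in ("http", "https") or not p.hostname:
            return None
        return "%s://%s%s" % (p.scheme, p.hostname, ":%d" % p.port if p.port else "")
    except ValueError:  # malformed host or port
        return None

def api_url_allowed(api_url, allowed=ALLOWED_LLM_API_URLS):
    """True only if api_url's origin (not a string prefix) is on the allow-list."""
    origin = _origin(api_url)
    return origin is not None and origin in {_origin(a) for a in allowed}
```

Matching on the parsed origin rather than a string prefix is what keeps lookalike hosts and user@host forms out; the default-port form (`:443`) is treated as a distinct origin here, so list it explicitly if it must be accepted.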
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pgadmin.org | pgadmin_4 | >= 9.13 < 9.15 | 9.15 |
| pgadmin | pgadmin_4 | >= 9.13 < 9.15 | 9.15 |
CVSS provenance
NVD, CVSS v3.1: 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
NVD, CVSS v4.0: 7.1 HIGH, CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
GHSA · 2026-05-11
CVE-2026-7817 [HIGH] CWE-552: pgAdmin 4 contains local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities
GHSA (unreviewed) · 2026-05-11
CVE-2026-7817 [HIGH] CWE-552: GHSA-p58c-q354-6c4f: Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints
No detection rules found.
No public exploits indexed.
Bugzilla · 2026-05-12 · CVSS 7.1
CVE-2026-7817 [HIGH]: pgadmin4: local file inclusion and server-side request forgery in LLM API configuration endpoints [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
FEDORA-2026-68f6155fea (pgadmin4-9.15-1.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-68f6155fea
---
FEDORA-2026-1545df20ad (pgadmin4-9.15-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-1545df20ad
Bugzilla · 2026-05-11 · CVSS 7.1
CVE-2026-7817 [HIGH]: pgadmin4: local file inclusion and server-side request forgery in LLM API configuration endpoints