Stored XSS Vulnerability in DbGate Cross-Platform Database Manager
CVE-2026-34725

8.3 HIGH

Key Information:

Vendor: Dbgate

Status
Vendor
CVE Published: 2 April 2026

What is CVE-2026-34725?

DbGate, a cross-platform database management tool, is affected by a stored XSS vulnerability in versions prior to 7.1.5. User-controlled SVG icon strings are rendered as raw HTML without sanitization, so a malicious actor can inject script that executes in another user's browser. In the Electron desktop application the impact may escalate to local code execution, because the application's settings allow node integration and lack context isolation. Mitigation is available in version 7.1.5.
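One way to guard the rendering path described above, as an added example (not DbGate's code and not the 7.1.5 fix): a reject-by-default check that accepts an icon string only when every tag and attribute is on a small allowlist. The function name `checkSvgIcon`, both allowlists and the sample strings are assumptions made for illustration.

```javascript
// Added example, not DbGate code: reject-by-default check for icon strings
// before they are inserted as HTML. Both allowlists are assumptions.
const ALLOWED_TAGS = new Set(['svg', 'g', 'path', 'circle', 'ellipse', 'rect',
  'line', 'polyline', 'polygon']);
const ALLOWED_ATTRS = new Set(['xmlns', 'viewbox', 'width', 'height', 'fill',
  'stroke', 'stroke-width', 'stroke-linecap', 'stroke-linejoin', 'transform',
  'd', 'cx', 'cy', 'r', 'rx', 'ry', 'x', 'y', 'x1', 'y1', 'x2', 'y2', 'points']);
// One tag: optional "/", name, double-quoted attributes only, optional "/".
const TAG = /^<(\/?)([A-Za-z][A-Za-z0-9]*)((?:\s+[A-Za-z][A-Za-z0-9-]*="[^"<>]*")*)\s*(\/?)>$/;
const ATTR = /([A-Za-z][A-Za-z0-9-]*)="[^"<>]*"/g;

function checkSvgIcon(input) {
  const fail = (reason) => ({ ok: false, reason });
  if (typeof input !== 'string' || input.length > 8192) return fail('not a string or too long');
  let sawSvg = false;
  // Split into tag tokens and the text between them.
  for (const part of input.split(/(<[^>]*>)/)) {
    if (!part.startsWith('<')) {
      if (part.trim() !== '') return fail('text outside tags');
      continue;
    }
    const m = TAG.exec(part);
    if (!m || (m[1] && (m[3] || m[4]))) return fail('malformed tag');
    const tag = m[2].toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) return fail(`tag <${tag}> not allowed`);
    for (const [, name] of m[3].matchAll(ATTR)) {
      if (!ALLOWED_ATTRS.has(name.toLowerCase())) return fail(`attribute "${name}" not allowed`);
    }
    if (tag === 'svg') sawSvg = true;
  }
  return sawSvg ? { ok: true, reason: null } : fail('no <svg> element');
}

// Constructed sample inputs (not taken from the advisory).
const samples = [
  '<svg viewBox="0 0 24 24"><path d="M12 2L2 22h20z" fill="currentColor"/></svg>',
  '<svg onload="placeholder()"><path d="M0 0"/></svg>',
  '<svg><script>placeholder()</script></svg>',
  'plain text instead of markup',
];
for (const s of samples) console.log(checkSvgIcon(s), s);
```

Input validation of this kind does not replace running the Electron renderer with `nodeIntegration: false` and `contextIsolation: true`, which limits what an injected script could reach.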

Affected Version(s)

dbgate >= 7.0.0, < 7.1.5

CVSS V3.1

Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
