Authorization Vulnerability in pgAdmin 4 Server Mode by pgAdmin
CVE-2026-7813

9.4CRITICAL

Key Information:

Vendor: Pgadmin.org
Status: Pgadmin 4
Vendor: CVE Published:; 11 May 2026

🔔 Create Pgadmin.org Vulnerability Alert

What is CVE-2026-7813?

An authorization vulnerability in pgAdmin 4 allows authenticated users to access unauthorized private servers and resources due to inadequate filtering by user identity. This flaw impacts server operations across multiple components, including Server Groups and Debugger modules, where sensitive data can be leaked or manipulated. With improper access controls, users may retrieve and modify another user’s objects based on guessed IDs, leading to potential privilege escalation and unwanted data integrity issues. Significant remediation measures have been implemented in response to this vulnerability, focusing on enhancing access control and securing user-owned data.

Affected Version(s)

pgAdmin 4 0

References

https://github.com/pgadmin-org/pgadmin4/pull/9830

patch

https://github.com/pgadmin-org/pgadmin4/pull/9835

patch

CVSS V4

Score:

9.4

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2026
Vulnerability Reserved
May 4, 2026

CVE-2026-7813 Data

JSON