Path Traversal Vulnerability in pgAdmin 4 by pgAdmin Team
CVE-2026-7819

7.2HIGH

Key Information:

Vendor: Pgadmin.org
Status: Pgadmin 4
Vendor: CVE Published:; 11 May 2026

🔔 Create Pgadmin.org Vulnerability Alert

What is CVE-2026-7819?

A path traversal vulnerability in the file manager of pgAdmin 4 allows authenticated users to manipulate symbolic links within their storage directories. The flawed access permission validation using os.path.abspath fails to resolve symbolic links, enabling users to redirect file writes to arbitrary locations. This security flaw can potentially expose sensitive file paths to unauthorized access, allowing misuse of pgAdmin 4's functionalities. The issue has been addressed in subsequent releases, where the access checks are strengthened using os.path.realpath, along with a hardened file mode to prevent unauthorized file access.

Affected Version(s)

pgAdmin 4 0

References

https://github.com/pgadmin-org/pgadmin4/issues/9902

issue-tracking

CVSS V4

Score:

7.2

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2026
Vulnerability Reserved
May 4, 2026

Credit

Fernando Bortotti

CVE-2026-7819 Data

JSON