securityonline.info 6/22/2026, 1:16:40 AM · external

Critical pgAdmin 4 flaws expose RCE risk, urgent patch advised

CyberSIXT Evidence Panel
CISA KEV: Not in KEV
Patch: Available

pgAdmin 4 has three critical vulnerabilities (CVE-2026-12046, CVE-2026-12045, CVE-2026-12048), all rated above CVSS 9.0, that lead to high-severity threats including remote code execution and unauthenticated access. The flaws allow for potential stored XSS attacks, AI Assistant SQL injection, and more. No confirmed exploits have been reported. Patches are available in version 9.16, and database administrators are urged to apply them immediately to protect their systems. The impact is significant because pgAdmin is widely used in server-mode deployments.


Article by CyberSIXT