216.73.216.170

CVE-2026-7816

· Published 11/05/2026 16:17 · Modified 11/05/2026 17:16

Labels: CVE-2026-7816 2026-05-11CVE-2026-7816CWE-89f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Essential information

Published
11/05/2026 16:17
Modified
11/05/2026 17:16
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject ") TO PROGRAM 'cmd'" to break out of the \copy (...) context and achieve arbitrary command execution on the pgAdmin server, or ") TO '/path'" for arbitrary file write. Additional fields (format, on_error, log_verbosity) were also raw-interpolated and exploitable. Fix adds a parens-balance parser modeled on psql's strtokx tokenizer, allow-lists format/on_error/log_verbosity, rejects null bytes in the query, and tightens type and gating checks. This issue affects pgAdmin 4: before 9.15.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
NVD
View on NVD

Affected products (CPE)

ProductCPE
pgadmin / pgadmin cpe:2.3:a:pgadmin:pgadmin:0.0.0-9.14:*:*:*:*:*:*:*

References