Description
HTML injection in pgAdmin 4's cloud deployment module. The verify_credentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text — and the related file-resolution and database-commit exception text — into the JSON response body (the info and errormsg fields) without HTML-encoding. The Cloud Wizard frontend rendered these strings through html-react-parser, so an attacker-influenced exception message embedded structural HTML directly into the wizard's DOM.

The reported entry point is /rds/verify_credentials/. An authenticated pgAdmin user submits a crafted access_key whose value contains an <iframe/src=...> payload; AWS STS rejects the credential with an IncompleteSignature exception whose text quotes the access_key verbatim; the pgAdmin backend forwards that text into the JSON info field; the Cloud Wizard's FormFooterMessage parses it as HTML. The browser fetches the iframe's src from an attacker-controlled host, and JavaScript executing inside the cross-origin iframe writes to parent.location, redirecting the victim's pgAdmin tab. Because the injection renders inside pgAdmin's own interface, X-Frame-Options and Content-Security-Policy frame-ancestors do not mitigate it. Baseline impact is self-targeted (the same user who supplied the payload sees the injection); escalation against other authenticated users requires an additional cross-site request-forgery primitive capable of submitting the malformed credential request with a valid X-pgA-CSRFToken in the victim's browser context.

The same unsanitised-error-into-JSON pattern was present across multiple sibling endpoints — Azure's check_cluster_name_availability, every Google endpoint that surfaces SDK errors (verification_ack, projects, regions, instance_types, database_versions, the verify_credentials path-resolution branches), the central /deploy endpoint that bubbles str(e) from deploy_on_rds / deploy_on_azure / deploy_on_google, and update_cloud_server which surfaces the str(e) from a failing db.session.commit — all of which are now covered.

Fix HTML-escapes every external/SDK exception string at the endpoint sink via a new shared sanitize_external_text helper (HTML escape with control-character strip), promoted out of the psycopg3 driver into web/pgadmin/utils/text_sanitize.py. The Cloud Wizard frontend additionally renders its FormFooterMessage in plain-text mode for backend-derived strings, so the value is never parsed as HTML even if a future sink forgets the escape.
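As an added illustration (not pgAdmin's own code), the following stands in for the endpoint sink and the shared sanitize_external_text helper the fix introduces; the helper's exact behaviour in pgAdmin, and the FakeSdkError, verify_credentials_stub, handle_verify and response_contains_markup names, are assumptions. It shows the raw str(e) sink beside the escaped one and a check that flags any JSON field still carrying a tag.

```python
import html
import json
import re

# Assumed behaviour of the helper: HTML-escape plus strip of C0/C1
# control characters (tab and newline are kept). Not pgAdmin's code.
_CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f-\x9f]")


def sanitize_external_text(text):
    """Escape untrusted SDK/driver exception text before it is placed in
    a JSON response field the frontend may render."""
    cleaned = _CONTROL_CHARS.sub("", str(text))
    return html.escape(cleaned, quote=True)


class FakeSdkError(Exception):
    """Constructed stand-in for a cloud SDK exception whose message quotes
    the caller-supplied credential verbatim (the STS IncompleteSignature
    pattern described in the advisory)."""


def verify_credentials_stub(access_key):
    # Constructed: reject every key and echo it back as the real SDK did.
    raise FakeSdkError(
        "IncompleteSignature: '{}' not a valid key=value pair".format(access_key))


def handle_verify(access_key, sanitize):
    """Mimic the endpoint's except-branch: exception text becomes the
    JSON 'info' field, raw (vulnerable) or via the helper (fixed)."""
    try:
        verify_credentials_stub(access_key)
    except FakeSdkError as e:
        info = sanitize_external_text(e) if sanitize else str(e)
        return json.dumps({"success": 0, "info": info})
    return json.dumps({"success": 1, "info": ""})


_MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z]")


def response_contains_markup(body):
    """Review/test check on a serialised JSON body: does any field still
    contain an unescaped tag opener?"""
    return any(_MARKUP.search(str(v)) for v in json.loads(body).values())


if __name__ == "__main__":
    bad_key = 'AKIA<iframe src="https://example.invalid/">\x07'  # constructed
    for fixed in (False, True):
        body = handle_verify(bad_key, sanitize=fixed)
        print("fixed" if fixed else "vulnerable", response_contains_markup(body), body)
```

The same response_contains_markup check can be pointed at the other sinks the advisory lists (errormsg from /deploy and update_cloud_server) to confirm the escape is applied everywhere.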

This issue affects pgAdmin 4: from 6.6 before 9.16.
Published: 2026-06-18
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to embed arbitrary HTML in JSON responses from several Cloud Wizard endpoints in pgAdmin 4 (CWE‑79). An authenticated user who submits a crafted access key that triggers an SDK error can cause the Cloud Wizard's frontend to render unescaped error text containing an iframe that loads a malicious host. The underlying flaw is that exception strings are written unescaped into the JSON sink (CWE‑116), and the frontend parses that field as HTML. When the browser processes the injected iframe, JavaScript from the cross‑origin frame can change the parent window's location, redirecting the victim's pgAdmin session. X‑Frame‑Options and CSP frame‑ancestors headers configured for pgAdmin do not mitigate this because the injection occurs inside the pgAdmin interface itself. The damage is limited to the authenticated user who supplied the payload unless the attacker also has a CSRF primitive that can submit the request with a valid token in another user's browser.

Affected Systems

pgAdmin 4 from version 6.6 up to, but not including, 9.16 is affected. The flaw exists in multiple cloud deployment endpoints under /rds/, /azure/, /google/, and the top‑level /cloud/ blueprint, as documented by the vendor pgadmin.org.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate severity. EPSS data is not available and the vulnerability is not listed in CISA's KEV catalog. The attack is feasible for any authenticated pgAdmin user who can submit a malformed credential. Redirecting other authenticated users additionally requires a CSRF primitive that supplies a valid X‑pgA‑CSRFToken in the victim's browser. The exploit does not gain system‑wide privileges or exfiltrate data beyond the victim's session; however, the ability to redirect to malicious sites can lead to credential theft or session hijacking if the victim is tricked into logging into a spoofed pgAdmin instance.

Generated by OpenCVE AI on June 19, 2026 at 01:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade pgAdmin to version 9.16 or later, which includes HTML‑escaping of all external exception strings and renders the Cloud Wizard FormFooterMessage as plain text
  • If an upgrade is not immediately possible, configure the application to strip exception messages from JSON responses for the /rds/verify_credentials, /azure/, and /google/ endpoints, or replace the sink with the provided sanitize_external_text helper to ensure all exception text is HTML‑escaped
  • Restrict or disable the Cloud Wizard endpoints for users whose credentials are not needed for cloud deployment, and enforce strict CSRF protection to prevent third‑party sites from triggering the vulnerable endpoints

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 00:15:00 +0000

Type / Values Removed / Values Added
  • Description: the Description text shown at the top of this page (not repeated here)
  • Title: pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text
  • Weaknesses: CWE-116, CWE-79
  • References: (none)
  • Metrics:
      cvssV3_1: {'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N'}
      cvssV4_0: {'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: PostgreSQL

Published:

Updated: 2026-06-18T23:37:39.657Z

Reserved: 2026-06-11T20:40:07.824Z

Link: CVE-2026-12047

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-19T02:00:10Z

Weaknesses
  • CWE-116

    Improper Encoding or Escaping of Output

  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')