Description
SQL injection in pgAdmin 4's named restore point endpoint (POST /browser/server/restore_point/{gid}/{sid}). The user-supplied 'value' field was interpolated directly into the SQL string with str.format() instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected PostgreSQL session to inject additional statements through that endpoint.

The injected SQL executes under the database role the user is already authenticated as. The defect does not cross a privilege boundary -- the user already has direct SQL access to that role through the Query Tool -- so the attacker gains no capability beyond what their database role already grants them. The marginal impact accounts for the fact that the injection path is not the documented SQL-execution interface, so a deployment that gates the Query Tool at the application layer could see SQL executed through a path it did not anticipate.

Fix passes the restore point name as a bound parameter and schema-qualifies the function call as pg_catalog.pg_create_restore_point so a non-default search_path on the connection cannot redirect the call to a shadow definition. A regression test asserts the value arrives as a bound parameter and not spliced into the SQL string.

This issue affects pgAdmin 4: from 1.0 before 9.16.
Published: 2026-06-18
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw allows an authenticated pgAdmin user to inject arbitrary SQL into the named restore point endpoint by submitting a crafted 'value' field. Because the input is splice‑directly into an SQL call using str.format, the attacker can execute any statement that the database role already permits. The injection does not cross a privilege boundary—the attacker already has full SQL rights for the connected role through the Query Tool—so the vulnerability merely duplicates an existing attack surface. The primary consequence is the potential for unintended data exposure or modification at the level of the authenticated role.

Affected Systems

The issue affects pgAdmin 4 versions from 1.0 through the pre‑9.16 releases. The product is sold by pgadmin.org and is distributed under the open‑source pgAdmin 4 label.

Risk and Exploitability

The CVSS score of 5.3 reflects a moderate impact. EPSS data are not available and the vulnerability is not listed in the CISA KEV catalog, indicating no known exploitation reports. The attack vector is a web‑based POST request to /browser/server/restore_point/{gid}/{sid} and requires the user to be authenticated with a PostgreSQL session. Since the injected SQL runs under the user’s own database role, the likelihood of a catastrophic compromise is low, but an attacker can still leverage the endpoint to run arbitrary queries they could already run via the Query Tool.

Generated by OpenCVE AI on June 19, 2026 at 01:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade pgAdmin 4 to version 9.16 or newer, where the restore‑point name is passed as a bound parameter and the function is schema‑qualified.
  • If upgrading immediately is not possible, restrict or disable the named restore point endpoint in the web application firewall or network firewall so that only trusted administrators can reach it.
  • As a defensive measure, enforce strict input validation on the 'value' field to ensure it contains only valid identifier characters before constructing any SQL.

Generated by OpenCVE AI on June 19, 2026 at 01:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Description SQL injection in pgAdmin 4's named restore point endpoint (POST /browser/server/restore_point/{gid}/{sid}). The user-supplied 'value' field was interpolated directly into the SQL string with str.format() instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected PostgreSQL session to inject additional statements through that endpoint. The injected SQL executes under the database role the user is already authenticated as. The defect does not cross a privilege boundary -- the user already has direct SQL access to that role through the Query Tool -- so the attacker gains no capability beyond what their database role already grants them. The marginal impact accounts for the fact that the injection path is not the documented SQL-execution interface, so a deployment that gates the Query Tool at the application layer could see SQL executed through a path it did not anticipate. Fix passes the restore point name as a bound parameter and schema-qualifies the function call as pg_catalog.pg_create_restore_point so a non-default search_path on the connection cannot redirect the call to a shadow definition. A regression test asserts the value arrives as a bound parameter and not spliced into the SQL string. This issue affects pgAdmin 4: from 1.0 before 9.16.
Title pgAdmin 4: SQL injection in named restore point endpoint
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: PostgreSQL

Published:

Updated: 2026-06-18T23:37:19.384Z

Reserved: 2026-06-11T20:40:09.826Z

Link: CVE-2026-12050

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T01:30:16Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')