CVE-2026-7816

8.8 HIGH

OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export

Published: 2026-05-11 · Last updated: 2026-05-26

Severity and scoring

CVSS: 8.8 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-78

Affected products

Vendor    Product
pgadmin   pgadmin_4

Description

OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject ") TO PROGRAM 'cmd'" to break out of the \copy (...) context and achieve arbitrary command execution on the pgAdmin server, or ") TO '/path'" for arbitrary file write. Additional fields (format, on_error, log_verbosity) were also interpolated raw and were exploitable. The fix adds a parenthesis-balance parser modeled on psql's strtokx tokenizer, allow-lists the format, on_error and log_verbosity values, rejects null bytes in the query, and tightens type and gating checks. This issue affects pgAdmin 4: before 9.15.

Source: NVD
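As an added illustration (not pgAdmin's own code) of the checks the description names, the following Python sketches a parenthesis-balance parser in the spirit of psql's strtokx, allow-lists for format/on_error/log_verbosity, and null-byte rejection, all applied before anything is interpolated into a \copy line. The allow-list contents and the \copy template are assumptions, and dollar-quoting and SQL comments are deliberately left unhandled for brevity.

```python
ALLOWED_FORMATS = {"csv", "text", "binary"}              # assumed allow-lists,
ALLOWED_ON_ERROR = {"stop", "ignore"}                     # not pgAdmin's actual
ALLOWED_LOG_VERBOSITY = {"default", "verbose", "silent"}  # option sets

class UnsafeCopyArgument(ValueError):
    pass  # user input that could escape the \copy ( ... ) context

def parens_balanced(query: str) -> bool:
    """True only if every '(' outside '...'/"..." literals has a matching ')'.
    A ')' that drops the depth below zero (the ") TO PROGRAM ..." break-out)
    fails at once. Dollar-quoting and SQL comments are not handled here."""
    depth, i, n = 0, 0, len(query)
    while i < n:
        c = query[i]
        if c in ("'", '"'):                       # skip a quoted literal
            i += 1
            while i < n and not (query[i] == c and query[i + 1:i + 2] != c):
                i += 2 if query[i] == c else 1     # '' or "" is an escaped quote
            if i >= n:
                return False                      # unterminated literal
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
            if depth < 0:
                return False
        i += 1
    return depth == 0

def build_copy_command(query, filename, fmt="csv", on_error="stop",
                       log_verbosity="default") -> str:
    """Build the \\copy line (template assumed, not pgAdmin's) only after checks."""
    if "\x00" in query:
        raise UnsafeCopyArgument("null byte in query")
    if not parens_balanced(query):
        raise UnsafeCopyArgument("unbalanced parentheses in query")
    for name, value, allowed in (("format", fmt, ALLOWED_FORMATS),
            ("on_error", on_error, ALLOWED_ON_ERROR), ("log_verbosity", log_verbosity, ALLOWED_LOG_VERBOSITY)):
        if value not in allowed:                  # allow-list, never raw text
            raise UnsafeCopyArgument(f"{name}={value!r} not allowed")
    safe_file = "'" + filename.replace("'", "''") + "'"   # quote the path literal
    return (f"\\copy ({query}) TO {safe_file} WITH (FORMAT {fmt}, "
            f"ON_ERROR {on_error}, LOG_VERBOSITY {log_verbosity})")

def rejects(**kwargs) -> bool:  # True if build_copy_command refuses the arguments
    try:
        build_copy_command(**kwargs)
    except UnsafeCopyArgument:
        return True
    return False
```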

Related CVEs

Same vendor

  • CVE-2026-7820 Improper restriction of excessive authentication attempts (CWE-307) in pgAdmin 4 (6.5 MEDIUM)
  • CVE-2026-7819 Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager (8.1 HIGH)
  • CVE-2026-7818 Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager (7.0 HIGH)
  • CVE-2026-7817 Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints (6.5 MEDIUM)
  • CVE-2026-7815 SQL injection vulnerability in pgAdmin 4 Maintenance Tool (8.8 HIGH)

Same CWE

  • CVE-2026-42846 ClipBucket v5 is an open source video sharing platform (9.8 CRITICAL)
  • CVE-2026-45172 Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0....
  • CVE-2026-48547 KanaDojo contains a command injection vulnerability that allows an attacker with pull request access to execute arbitrary shell commands ... (7.3 HIGH)
  • CVE-2026-49261 MariaDB server is a community developed fork of MySQL server (10.0 CRITICAL)
  • CVE-2026-49219 ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)