QSearchQSearch

CVE-2026-7819

8.1 HIGH

Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager

Published: 2026-05-11 · Last updated: 2026-05-26

Severity and scoring

CVSS
8.1 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CWE
CWE-61

Affected products

VendorProduct
pgadminpgadmin_4

Description

Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storage directory pointing outside it and induce pgAdmin to write to any path reachable by the pgAdmin process. Fix switches the access check to os.path.realpath for both source and destination, and adds an _open_upload_target helper that opens the target with O_NOFOLLOW (mode 0o600) to close the leaf-component TOCTOU between the access check and the open. File mode is hardened from 0o644 to 0o600. This issue affects pgAdmin 4: before 9.15.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-7820 Improper restriction of excessive authentication attempts (CWE-307) in pgAdmin 4 (6.5 MEDIUM)
  • CVE-2026-7818 Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager (7.0 HIGH)
  • CVE-2026-7817 Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints (6.5 MEDIUM)
  • CVE-2026-7816 OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export (8.8 HIGH)
  • CVE-2026-7815 SQL injection vulnerability in pgAdmin 4 Maintenance Tool (8.8 HIGH)

Same CWE

  • CVE-2026-5223 Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to overrid... (5.3 MEDIUM)
  • CVE-2026-8784 A vulnerability was detected in npitre cramfs-tools up to 2.2 (4.2 MEDIUM)
  • CVE-2026-6475 Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g (8.8 HIGH)
  • CVE-2026-31893 Tunnelblick is an open source graphic user interface for OpenVPN on macOS (5.5 MEDIUM)