{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1707", "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "state": "PUBLISHED", "assignerShortName": "PostgreSQL", "dateReserved": "2026-01-30T16:26:58.194Z", "datePublished": "2026-02-05T17:30:05.089Z", "dateUpdated": "2026-02-26T21:50:19.579Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Restore"], "product": "pgAdmin 4", "programFiles": ["https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/tools/restore/__init__.py"], "repo": "https://github.com/pgadmin-org/pgadmin4", "vendor": "pgadmin.org", "versions": [{"status": "affected", "version": "9.11", "versionType": "custom"}]}], "datePublic": "2026-01-30T05:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\\unrestrict &lt;key&gt;`. This results in reliable command execution on the pgAdmin host during the restore operation.</span><br>"}], "value": "pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\\unrestrict <key>`. This results in reliable command execution on the pgAdmin host during the restore operation."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL", "dateUpdated": "2026-02-05T17:30:05.089Z"}, "references": [{"tags": ["issue-tracking"], "url": "https://github.com/pgadmin-org/pgadmin4/issues/9518"}], "source": {"discovery": "UNKNOWN"}, "title": "Restore restriction bypass via key disclosure vulnerability (pgAdmin 4)", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-06T04:55:18.483132Z", "id": "CVE-2026-1707", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T21:50:19.579Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1707", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-06T04:55:18.483132Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-05T20:46:34.894Z"}}], "cna": {"title": "Restore restriction bypass via key disclosure vulnerability (pgAdmin 4)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/pgadmin-org/pgadmin4", "vendor": "pgadmin.org", "modules": ["Restore"], "product": "pgAdmin 4", "versions": [{"status": "affected", "version": "9.11", "versionType": "custom"}], "programFiles": ["https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/tools/restore/__init__.py"], "defaultStatus": "unaffected"}], "datePublic": "2026-01-30T05:30:00.000Z", "references": [{"url": "https://github.com/pgadmin-org/pgadmin4/issues/9518", "tags": ["issue-tracking"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\\unrestrict <key>`. This results in reliable command execution on the pgAdmin host during the restore operation.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\\unrestrict &lt;key&gt;`. This results in reliable command execution on the pgAdmin host during the restore operation.</span><br>", "base64": false}]}], "providerMetadata": {"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL", "dateUpdated": "2026-02-05T17:30:05.089Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1707", "state": "PUBLISHED", "dateUpdated": "2026-02-26T21:50:19.579Z", "dateReserved": "2026-01-30T16:26:58.194Z", "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "datePublished": "2026-02-05T17:30:05.089Z", "assignerShortName": "PostgreSQL"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pgadmin:pgadmin_4:9.11:*:*:*:*:postgresql:*:*", "matchCriteriaId": "3F3F9DF9-ED88-43C6-8164-AC5E57F27DA2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\\unrestrict <key>`. This results in reliable command execution on the pgAdmin host during the restore operation."}, {"lang": "es", "value": "Las versiones 9.11 de pgAdmin est\u00e1n afectadas por una vulnerabilidad de omisi\u00f3n de restricci\u00f3n de restauraci\u00f3n mediante divulgaci\u00f3n de clave que ocurre al ejecutarse en modo servidor y al realizar restauraciones desde archivos de volcado en formato PLAIN. Un atacante con acceso a la interfaz web de pgAdmin puede observar una operaci\u00f3n de restauraci\u00f3n activa, extraer la clave '\\restrict' en tiempo real y competir con el proceso de restauraci\u00f3n sobrescribiendo el script de restauraci\u00f3n con una carga \u00fatil que reactiva los metacomandos usando '\\unrestrict '. Esto resulta en una ejecuci\u00f3n de comandos fiable en el host de pgAdmin durante la operaci\u00f3n de restauraci\u00f3n."}], "id": "CVE-2026-1707", "lastModified": "2026-02-26T22:20:45.413", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 3.7, "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-05T18:16:11.180", "references": [{"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "tags": ["Issue Tracking"], "url": "https://github.com/pgadmin-org/pgadmin4/issues/9518"}], "sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"created": "2026-02-06T12:05:07.758510+00:00", "updated": "2026-02-06T12:05:07.758535+00:00", "vendors": ["pgadmin", "pgadmin$PRODUCT$pgadmin_4"]}