CVE-2026-7819

HIGH 8.1

pgAdmin 4: Symbolic-link path traversal in File Manager allows arbitrary file write

CVSS Score

8.1

EPSS Score

0.0%

EPSS Percentile

0th

Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storage directory pointing outside it and induce pgAdmin to write to any path reachable by the pgAdmin process. Fix switches the access check to os.path.realpath for both source and destination, and adds an _open_upload_target helper that opens the target with O_NOFOLLOW (mode 0o600) to close the leaf-component TOCTOU between the access check and the open. File mode is hardened from 0o644 to 0o600. This issue affects pgAdmin 4: before 9.15.

Vendor	pgadmin.org
Product	pgadmin 4
Published	May 11, 2026
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for pgadmin.org pgadmin 4

Be the first to know when new high vulnerabilities affecting pgadmin.org pgadmin 4 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

Affected Versions

pgadmin.org / pgAdmin 4

0 < 9.15

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/pgadmin-org/pgadmin4/issues/9902

Credits

Fernando Bortotti