Overview
pgAdmin 4, the most widely used open-source administration and development platform for PostgreSQL, has disclosed multiple critical vulnerabilities in a June 2026 security advisory. Used by virtually every database administrator managing PostgreSQL deployments, these flaws affect all releases prior to version 9.2. The advisory covers four CVEs: stored cross-site scripting (XSS) rated 9.3, an AI assistant security bypass rated 9.0, a cross-site request forgery (CSRF) rated 9.0, and SQL injection rated 8.8. Immediate patching is strongly recommended given the widespread deployment of pgAdmin in production environments.
Vulnerability Details
CVE-2026-12048 — Stored Cross-Site Scripting (CVSS 9.3, Critical)
A stored XSS vulnerability in the Query Tool and Table Data Editor allows authenticated attackers to inject malicious JavaScript via database object names or cell values that are subsequently rendered in other users’ sessions without adequate sanitisation. Successful exploitation can lead to session hijacking, credential theft, and arbitrary actions executed in the context of victim users — including those with full administrative privileges.
CVE-2026-12046 — Cross-Site Request Forgery (CVSS 9.0, Critical)
pgAdmin 4 fails to validate anti-CSRF tokens on several critical endpoints. An attacker can craft a malicious webpage that, when visited by an authenticated pgAdmin user, silently triggers sensitive operations such as creating new administrative accounts, modifying server configurations, or executing arbitrary SQL commands. The attack requires no user interaction beyond visiting the attacker-controlled page.
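The control that CVE-2026-12046 is missing is a per-session anti-CSRF token checked on every state-changing request. The following is an added illustration of that pattern, not pgAdmin's code: a session-bound HMAC token with a lifetime, a constant-time comparison, and an Origin-header check as a second layer. The secret key, the allowed origin, the header and form field names and the request shape are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed per-deployment secret; a real application loads this from configuration.
SECRET_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 3600
# Assumed origin of this deployment, used for the defence-in-depth Origin check.
ALLOWED_ORIGINS = {"https://pgadmin.example.internal"}
STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session_id, now=None):
    """Synchronizer token bound to one session: HMAC over the session id and issue time."""
    ts = int(time.time() if now is None else now)
    mac = hmac.new(SECRET_KEY, f"{session_id}:{ts}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"


def verify_csrf_token(session_id, token, now=None):
    """True only for an unexpired token whose MAC matches this session."""
    if not isinstance(token, str) or "." not in token:
        return False
    ts_str, mac = token.split(".", 1)
    if not ts_str.isdigit():
        return False
    ts = int(ts_str)
    current = int(time.time() if now is None else now)
    if current - ts > TOKEN_TTL_SECONDS or ts > current + 60:
        return False
    expected = hmac.new(SECRET_KEY, f"{session_id}:{ts}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the MAC cannot be guessed byte by byte.
    return hmac.compare_digest(expected, mac)


def origin_allowed(headers):
    """Reject requests whose Origin is another site. A missing Origin is tolerated
    because some clients omit it, which is why the token check stays primary."""
    origin = headers.get("Origin")
    return origin is None or origin in ALLOWED_ORIGINS


def gate_request(method, headers, form, session_id, now=None):
    """Status a state-changing endpoint should return before doing any work.
    The session cookie alone (session_id) never authorises a write."""
    if method not in STATE_CHANGING_METHODS:
        return 200
    if not origin_allowed(headers):
        return 403
    token = headers.get("X-CSRFToken") or form.get("csrf_token")
    if not token or not verify_csrf_token(session_id, token, now):
        return 403
    return 200


if __name__ == "__main__":
    sid = "sess-abc123"  # constructed session id
    tok = issue_csrf_token(sid)
    print(gate_request("POST", {"X-CSRFToken": tok}, {}, sid))  # 200
    print(gate_request("POST", {}, {}, sid))                    # 403: cookie alone is not enough
```

The design point is that a browser on an attacker-controlled page will send the victim's session cookie automatically, but it cannot read or forge the token, so a request carrying only the cookie is rejected. Pairing this with a `SameSite` cookie attribute closes the remaining gap for clients that omit `Origin`.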
CVE-2026-12045 — AI Assistant Security Bypass (CVSS 9.0, Critical)
The integrated AI assistant feature does not properly enforce security boundaries when generating and executing database queries on behalf of users. Attackers can craft prompt injection payloads that bypass the assistant’s query validation layer, enabling unauthorised SQL execution against connected databases. This effectively allows a low-privileged user — or in some configurations an unauthenticated actor — to run arbitrary queries through the AI interface, potentially reading, modifying, or destroying data.
CVE-2026-12044 — SQL Injection (CVSS 8.8, High)
A SQL injection flaw in the Import/Export functionality arises from improper parameterisation of user-supplied table names and column mappings. An authenticated attacker can inject arbitrary SQL that executes with the privileges of pgAdmin’s backend database connection, leading to data exfiltration, modification, or in worst-case scenarios full server compromise.
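Both the stored XSS (CVE-2026-12048) and the SQL injection (CVE-2026-12044) described above come from the same root cause: a user-controlled object name or cell value reaching a sink without the encoding that sink requires. The block below is an added example, not pgAdmin's code, contrasting the concatenation pattern with the hardened form for each sink: an identifier is quoted with PostgreSQL's double-quote rule (or rejected by an allowlist) before it enters SQL, and HTML-escaped before it is rendered. The hostile table name, the `COPY` statement shape and the `<td>` markup are constructed for the illustration.

```python
import html
import re

# Constructed hostile object name: a legal PostgreSQL identifier once quoted,
# but harmful if pasted raw into SQL text or into an HTML template.
UNTRUSTED_NAME = 'orders"; --<script>alert(1)</script>'

# Strict allowlist for features that never need quoted identifiers:
# ordinary lower-case names within PostgreSQL's 63-byte identifier limit.
SIMPLE_IDENTIFIER = re.compile(r"^[a-z_][a-z0-9_]{0,62}$")


def is_simple_identifier(name):
    return bool(SIMPLE_IDENTIFIER.match(name))


def quote_identifier(name):
    """Quote any name as a PostgreSQL identifier: wrap in double quotes and double
    every embedded double quote. psycopg's sql.Identifier applies the same rule."""
    if "\x00" in name:
        raise ValueError("identifier contains a NUL byte")
    if len(name.encode()) > 63:
        raise ValueError("identifier exceeds PostgreSQL's 63-byte limit")
    return '"' + name.replace('"', '""') + '"'


def build_export_vulnerable(table_name, columns):
    """Concatenation: identifiers are pasted straight into the statement.
    This is the defect class named for Import/Export; kept only for contrast."""
    return f"COPY (SELECT {', '.join(columns)} FROM {table_name}) TO STDOUT WITH CSV HEADER"


def build_export_safe(table_name, columns):
    """Every user-supplied identifier is quoted, so it can only ever name an object;
    a bogus name fails with 'relation does not exist' instead of changing the query."""
    cols = ", ".join(quote_identifier(c) for c in columns)
    return f"COPY (SELECT {cols} FROM {quote_identifier(table_name)}) TO STDOUT WITH CSV HEADER"


def render_cell_vulnerable(value):
    """Rendering with no escaping: the stored-XSS sink."""
    return f'<td class="cell">{value}</td>'


def render_cell_safe(value):
    """Escape at the point of output; quote=True also covers attribute contexts."""
    return f'<td class="cell">{html.escape(value, quote=True)}</td>'


if __name__ == "__main__":
    print(build_export_vulnerable(UNTRUSTED_NAME, ["id"]))
    print(build_export_safe(UNTRUSTED_NAME, ["id"]))
    print(render_cell_vulnerable(UNTRUSTED_NAME))
    print(render_cell_safe(UNTRUSTED_NAME))
```

The same string needs a different transformation for each destination, which is why a single "sanitise on input" step is not enough: encode per sink, and where the feature can live with plain names, reject anything outside the allowlist up front.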
Affected Versions
- pgAdmin 4 ≤ 9.1 (all prior releases)
All four CVEs affect versions up to and including 9.1.
Fix
The pgAdmin development team released version 9.2 on 19 June 2026, which addresses all four vulnerabilities:
- Fixed in: pgAdmin 4 version 9.2
- Release date: 19 June 2026
- Download: pgadmin.org/download/
- Advisory: pgadmin.org/security/
Recommendations
- Upgrade immediately to pgAdmin 4 version 9.2 or later. This is the only complete mitigation for all four vulnerabilities.
- Restrict network access: Ensure pgAdmin instances are not exposed to the public internet. Use VPNs, reverse proxies with authentication, or firewall rules to limit access to trusted networks only.
- Enable multi-factor authentication for all pgAdmin user accounts where supported by your identity provider.
- Audit pgAdmin logs for indicators of compromise, including unusual query patterns, unexpected user creation, or anomalous administrative actions executed outside of change windows.
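To make the log-audit recommendation concrete, here is an added detection script that is not part of the advisory or of pgAdmin. It runs three rules over audit lines, user creation, privileged SQL (role or superuser changes, grants) and bulk export, and tags any hit that falls outside an assumed change window. The log lines are constructed in a simplified `key=value` layout chosen for the example; pgAdmin's real log format is not reproduced here, so the regular expressions are the part to adapt.

```python
import re
from datetime import datetime, time, timezone

# Constructed sample audit lines (not real pgAdmin output). The last four lines show a
# sequence worth escalating: a new admin account, a superuser role and bulk exports,
# all from an unfamiliar address in the middle of a Saturday night.
SAMPLE_LOG = """\
2026-06-19T10:02:11Z user=dba1 ip=10.0.4.7 action=query sql="SELECT count(*) FROM orders"
2026-06-19T10:02:40Z user=dba1 ip=10.0.4.7 action=query sql="UPDATE orders SET status='shipped' WHERE id=42"
2026-06-20T02:14:07Z user=dba1 ip=203.0.113.9 action=create_user target=svc_backup role=Administrator
2026-06-20T02:14:31Z user=dba1 ip=203.0.113.9 action=query sql="CREATE ROLE shadow SUPERUSER LOGIN PASSWORD 'x'"
2026-06-20T02:15:02Z user=dba1 ip=203.0.113.9 action=query sql="COPY (SELECT * FROM customers) TO STDOUT"
2026-06-20T02:15:03Z user=dba1 ip=203.0.113.9 action=query sql="COPY (SELECT * FROM payments) TO STDOUT"
2026-06-20T09:30:00Z user=dba2 ip=10.0.4.8 action=query sql="SELECT 1"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) user=(?P<user>\S+) ip=(?P<ip>\S+) action=(?P<action>\S+)(?P<rest>.*)$'
)
SQL_RE = re.compile(r'sql="(?P<sql>.*)"')
PRIV_SQL = re.compile(r"\b(CREATE|ALTER|DROP)\s+(ROLE|USER)\b|\bSUPERUSER\b|\bGRANT\b", re.I)
BULK_SQL = re.compile(r"^\s*COPY\b|\bpg_read_file\b|\bpg_ls_dir\b", re.I)
# Assumed maintenance window: weekdays 08:00-18:00 UTC.
CHANGE_WINDOW = (time(8, 0), time(18, 0))


def parse_line(line):
    """Return a dict with ts (aware datetime), user, ip, action, sql; None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    sql = SQL_RE.search(rec.pop("rest"))
    rec["sql"] = sql.group("sql") if sql else ""
    return rec


def in_change_window(ts):
    start, end = CHANGE_WINDOW
    return ts.weekday() < 5 and start <= ts.time() < end


def classify(rec):
    """Rules that fired for one record; the window tag is only added to sensitive actions."""
    rules = []
    if rec["action"] == "create_user":
        rules.append("user_creation")
    if PRIV_SQL.search(rec["sql"]):
        rules.append("privileged_sql")
    if BULK_SQL.search(rec["sql"]):
        rules.append("bulk_export")
    if rules and not in_change_window(rec["ts"]):
        rules.append("outside_change_window")
    return rules


def audit(log_text):
    """Scan a log and return one finding per line that triggered at least one rule."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        rules = classify(rec)
        if rules:
            findings.append(
                {"ts": rec["ts"].isoformat(), "user": rec["user"], "ip": rec["ip"], "rules": rules}
            )
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Routine work (the Friday `SELECT` and `UPDATE`) produces nothing, while each of the Saturday-night actions is reported with its rule and the window tag, which is the signal to correlate against change tickets and the source address.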
- Disable the AI assistant (config setting ENABLE_AI) if immediate patching is not feasible, to eliminate the CVE-2026-12045 attack surface.
- Deploy WAF rules to detect and block XSS and SQL injection patterns targeting pgAdmin web endpoints as a defence-in-depth measure.
