CVE-2026-7817: Vulnerability in pgadmin.org pgAdmin 4
Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied api_key_file and api_url preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by pointing api_key_file at any path readable by the pgAdmin process, or coerce pgAdmin into making requests to internal targets (e.g. cloud metadata services such as 169.254.169.254) by setting api_url, exploiting the chat path and model-list endpoints. Fix restricts api_key_file to the user's private storage (server mode) or home directory (desktop mode), enforces a printable-ASCII key shape and a 1024-byte read cap, and gates api_url against a configurable allow-list (config.ALLOWED_LLM_API_URLS) at every entry point. This issue affects pgAdmin 4: before 9.15.
AI Analysis
Technical Summary
This vulnerability affects pgAdmin 4 versions prior to 9.15 and involves improper validation of user-supplied api_key_file and api_url preferences in the LLM API configuration endpoints. An authenticated user could exploit this to perform local file inclusion by specifying arbitrary readable file paths, or conduct server-side request forgery by directing the server to make requests to internal network targets such as cloud metadata services. The fix implemented restricts api_key_file access to user private storage or home directories, enforces a printable ASCII key format with a 1024-byte read limit, and applies a configurable allow-list for api_url at all entry points.
Potential Impact
Successful exploitation allows an authenticated user to read arbitrary files accessible by the pgAdmin process, potentially exposing sensitive information. Additionally, SSRF could enable the server to make unauthorized requests to internal services, which might lead to information disclosure or further internal network attacks. The CVSS score of 6.5 reflects a medium severity with high confidentiality impact but no integrity or availability impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. The described fix restricts file access and URL targets to mitigate the vulnerability. Users should upgrade to pgAdmin 4 version 9.15 or later once available. Until then, restrict access to authenticated users only and monitor for unusual activity related to LLM API configuration endpoints.
CVE-2026-7817: Vulnerability in pgadmin.org pgAdmin 4
Description
Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied api_key_file and api_url preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by pointing api_key_file at any path readable by the pgAdmin process, or coerce pgAdmin into making requests to internal targets (e.g. cloud metadata services such as 169.254.169.254) by setting api_url, exploiting the chat path and model-list endpoints. Fix restricts api_key_file to the user's private storage (server mode) or home directory (desktop mode), enforces a printable-ASCII key shape and a 1024-byte read cap, and gates api_url against a configurable allow-list (config.ALLOWED_LLM_API_URLS) at every entry point. This issue affects pgAdmin 4: before 9.15.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects pgAdmin 4 versions prior to 9.15 and involves improper validation of user-supplied api_key_file and api_url preferences in the LLM API configuration endpoints. An authenticated user could exploit this to perform local file inclusion by specifying arbitrary readable file paths, or conduct server-side request forgery by directing the server to make requests to internal network targets such as cloud metadata services. The fix implemented restricts api_key_file access to user private storage or home directories, enforces a printable ASCII key format with a 1024-byte read limit, and applies a configurable allow-list for api_url at all entry points.
Potential Impact
Successful exploitation allows an authenticated user to read arbitrary files accessible by the pgAdmin process, potentially exposing sensitive information. Additionally, SSRF could enable the server to make unauthorized requests to internal services, which might lead to information disclosure or further internal network attacks. The CVSS score of 6.5 reflects a medium severity with high confidentiality impact but no integrity or availability impact.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. The described fix restricts file access and URL targets to mitigate the vulnerability. Users should upgrade to pgAdmin 4 version 9.15 or later once available. Until then, restrict access to authenticated users only and monitor for unusual activity related to LLM API configuration endpoints.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- PostgreSQL
- Date Reserved
- 2026-05-04T21:26:58.879Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a01f795cbff5d86102f2193
Added to database: 5/11/2026, 3:36:53 PM
Last enriched: 5/11/2026, 3:53:08 PM
Last updated: 5/12/2026, 3:48:17 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.