Description
pgAdmin 9.11 is affected by a Restore restriction bypass via key disclosure vulnerability. It occurs when pgAdmin runs in server mode and performs a restore from a PLAIN-format dump file. Such restores go through psql, and the script starts with a `\restrict <key>` line that disables psql meta-commands (such as `\!`) for the rest of the script; the restriction can only be lifted by `\unrestrict <key>` carrying the same key, so the protection depends entirely on that key staying secret for the duration of the restore. An authenticated user with access to the pgAdmin web interface can observe an active restore operation, extract the `\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\unrestrict <key>`. The result is reliable command execution on the pgAdmin host (the system on which psql runs the restore) during the restore operation.
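To make the mechanism in the description concrete, the following is an added toy model, not pgAdmin or PostgreSQL code, of psql's restricted mode: after `\restrict KEY` every meta-command is rejected until `\unrestrict KEY` arrives with the exact same key. The shape of the restore runner (prepend a `\restrict` line with a fresh key, then feed the script file) and all function names (`run_psql_script`, `restore_plain_dump`, `attacker_payload`) are assumptions of this example; the sample dump and payload are constructed. It shows the three outcomes that matter here: a hostile meta-command inside the dump is blocked, the same command runs once the attacker knows the key, and it stays blocked when the key is merely guessed.

```python
import re
import secrets
import string

# psql restrict keys are alphanumeric; pg_dump emits a fresh random one per dump.
KEY_ALPHABET = string.ascii_letters + string.digits

# Two meta-command shapes are enough for the toy: "\word [args]" and "\! [shell]".
META_RE = re.compile(r"^\\(!|[A-Za-z_]\w*)\s*(.*)$")


def new_restrict_key(length: int = 44) -> str:
    """Random alphanumeric key. The gate below is only as strong as its secrecy."""
    return "".join(secrets.choice(KEY_ALPHABET) for _ in range(length))


def run_psql_script(script: str):
    """Toy psql that returns (shell_commands_run, errors).

    Models the restricted-mode gate only: after "\\restrict KEY" every
    meta-command is rejected except "\\unrestrict KEY" carrying the exact key.
    Plain SQL lines are ignored; real psql would send them to the server.
    """
    restricted_key = None
    shell_cmds, errors = [], []
    for lineno, raw in enumerate(script.splitlines(), 1):
        m = META_RE.match(raw.strip())
        if not m:
            continue  # SQL or blank line: not what the gate is about
        cmd, arg = m.group(1), m.group(2).strip()
        if restricted_key is not None:
            if (cmd == "unrestrict" and arg.isascii()
                    and secrets.compare_digest(arg, restricted_key)):
                restricted_key = None
            else:
                errors.append(f"line {lineno}: \\{cmd} not allowed in restricted mode")
        elif cmd == "restrict":
            if arg and all(c in KEY_ALPHABET for c in arg):
                restricted_key = arg
            else:
                errors.append(f"line {lineno}: \\restrict key must be alphanumeric")
        elif cmd == "unrestrict":
            errors.append(f"line {lineno}: \\unrestrict while not restricted")
        elif cmd == "!":
            shell_cmds.append(arg)  # an unrestricted \! reaches the host shell
        # other meta-commands are irrelevant to the toy and fall through
    return shell_cmds, errors


def restore_plain_dump(script_on_disk: str, key: str):
    """Assumed shape of a server-side PLAIN restore (not pgAdmin's code): enter
    restricted mode with a fresh key, then feed the script file. A dump that
    smuggles in meta-commands therefore cannot run them."""
    return run_psql_script(f"\\restrict {key}\n{script_on_disk}")


# Constructed sample dump: a hostile meta-command hidden among ordinary SQL.
UNTRUSTED_DUMP = "CREATE TABLE t (id int);\n\\! id\nINSERT INTO t VALUES (1);\n"


def attacker_payload(observed_key: str) -> str:
    """What the attacker writes over the script file after observing the key."""
    return f"\\unrestrict {observed_key}\n\\! id\n"


def demo():
    key = new_restrict_key()
    blocked = restore_plain_dump(UNTRUSTED_DUMP, key)              # gate holds
    bypassed = restore_plain_dump(attacker_payload(key), key)      # key known: \! runs
    guessed = restore_plain_dump(attacker_payload("A" * 44), key)  # wrong key: gate holds
    return blocked, bypassed, guessed


if __name__ == "__main__":
    for label, (ran, errs) in zip(("blocked", "bypassed", "guessed"), demo()):
        print(f"{label:9s} shell={ran} errors={len(errs)}")
```

The point of the toy is the middle case: nothing about the `\unrestrict` check is weak, and a guessed key fails, yet the whole gate collapses the moment the key is visible to someone who can also change the script before psql reads it. Any design that relies on `\restrict` therefore has to treat the key like a credential (never shown in the UI, never exposed via a shared file or process listing) and must not leave a window in which another user can rewrite the script between generation and execution.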
References (1)
Issue Tracking: https://github.com/pgadmin-org/pgadmin4/issues/9518
Scores
CVSS v3: 7.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Attack Vector: NETWORK
EPSS: 0.0002
EPSS Percentile: 7.1%
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-284 (Improper Access Control)
Status: published
Products (2)
pgadmin/pgadmin_4: 9.11
pypi/pgadmin4: 0 - 9.12
Published: Feb 05, 2026
Tracked Since: Feb 18, 2026