Unrated

Missing authentication on pgAdmin 4 SQL Editor endpoints leading to deserialization path exposure

IdentifiersCVE-2026-12046CWE-306

CVE-2026-12046 affects pgAdmin 4 in server mode from 6.9 before 9.16. Two state-mutating SQL Editor blueprint routes, DELETE /sqleditor/close/<trans_id> and POST /sqleditor/initialize/sqleditor/update_connection/<sgid>/<sid>/<did>, were missing the @pga_login_required decorator used by the rest of the module. Both routes could reach a pickle.loads deserialization sink operating on session['gridData'][<trans_id>]['command_obj']: the close route via close_sqleditor_session() and the update_connection route via check_transaction_status(). Because these endpoints were reachable without an authenticated pgAdmin session in server mode, the flaw exposed a critical function without required authentication and left a deserialization path reachable to unauthenticated requests. The issue does not affect DESKTOP mode, where pgAdmin re-authenticates DESKTOP_USER on every request.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

By itself, the defect exposes unauthenticated access to state-mutating SQL Editor endpoints and a reachable unsafe deserialization path. If an attacker also has separate prerequisites not granted by this flaw—specifically knowledge of pgAdmin's Flask SECRET_KEY and write access to the host's pgAdmin sessions/ directory to forge a malicious server-side session file containing a crafted pickle payload—the vulnerability can be used as the final step to trigger unauthenticated remote code execution in the pgAdmin process. Resulting code execution would occur with the privileges of the account running pgAdmin and could therefore lead to host compromise, persistence, or further lateral movement depending on that account's permissions.

Mitigation

If you can’t patch tonight, do this now.

Until patched, reduce exposure of pgAdmin server-mode deployments to trusted networks only, enforce strict access controls in front of the application, protect the Flask SECRET_KEY from disclosure, and prevent unauthorized write access to the pgAdmin sessions/ directory on the host. Monitor for unexpected access to the affected SQL Editor endpoints and for tampering with server-side session files. DESKTOP mode is not affected.

Remediation

Patch, then assume compromise.

Upgrade pgAdmin 4 to version 9.16 or later. The fix adds the missing @pga_login_required decorator to both affected endpoints so that authentication, including the is_authenticated and MFA validation chain, is enforced before trans_id is dereferenced and before the deserialization path can be reached by an unauthenticated request.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

PgadminPgadmin 4application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

7 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

7 SOURCESView more in app

cyber security newsNews

Jun 22, 2026

pgAdmin 4 Released With Fixes for Seven Security Vulnerabilities and New Features

An authentication and access control flaw in pgAdmin 4 where two SQL Editor endpoints lacked proper authentication checks, enabling unauthorized access and creating deserialization risk.

cvefeed high severityNews

Jun 18, 2026

CVE-2026-12046 - pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution

A critical pgAdmin 4 server-mode vulnerability caused by missing authentication on two SQL Editor endpoints that can expose a deserialization path and enable remote code execution when additional prerequisites are already met.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity5

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-12046

NVD

nvd.nist.gov/vuln/detail/CVE-2026-12046

MITRE CWE · CWE-306

cwe.mitre.org