Unrated

Unauthenticated deserialization reachability in pgAdmin 4 SQL Editor endpoints

IdentifiersCVE-2026-12046CWE-306

CVE-2026-12046 affects pgAdmin 4 server mode from 6.9 before 9.16. Two state-mutating SQL Editor blueprint routes, DELETE /sqleditor/close/<trans_id> and POST /sqleditor/initialize/sqleditor/update_connection/<sgid>/<sid>/<did>, were missing the @pga_login_required decorator used by the rest of the module. Because of that, unauthenticated requests could reach code paths that dereference session['gridData'][<trans_id>]['command_obj'] and invoke pickle.loads on that value. The close endpoint reaches the sink via close_sqleditor_session(), and the update_connection endpoint via check_transaction_status(). The issue is primarily a missing authentication on a critical function flaw that exposes a deserialization-of-untrusted-data sink. The defect is limited to server mode; DESKTOP mode re-authenticates DESKTOP_USER on every request via before_request, preventing unauthenticated access to these routes.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

By itself, the flaw exposes unauthenticated access to sensitive SQL Editor endpoints and allows an attacker to reach a pickle deserialization path. Remote code execution is only achievable if the attacker also has separate prerequisites not granted by this bug alone: knowledge of pgAdmin's Flask SECRET_KEY and write access to the host's pgAdmin sessions/ directory in order to forge a server-side session file whose gridData entry contains a malicious pickle payload. When those conditions are already satisfied through another compromise path or misconfiguration, this vulnerability becomes the final step enabling unauthenticated code execution in the pgAdmin process, and therefore on the host with the privileges of the account running pgAdmin.

Mitigation

If you can’t patch tonight, do this now.

Until patched, restrict network exposure of pgAdmin server-mode deployments, require access through trusted administrative networks, protect the Flask SECRET_KEY from disclosure, and prevent unauthorized write access to the pgAdmin sessions/ directory. Monitor for unexpected access to the affected SQL Editor endpoints. DESKTOP mode is not affected by this issue.

Remediation

Patch, then assume compromise.

Upgrade pgAdmin 4 to version 9.16 or later. The fix adds the missing @pga_login_required decorator to both affected endpoints so that the normal is_authenticated and MFA validation chain executes before trans_id is dereferenced and before the deserialization path is reached.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

PgadminPgadmin 4application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

9 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

9 SOURCESView more in app

cyber security newsNews

Jun 22, 2026

pgAdmin 4 Released With Fixes for Seven Security Vulnerabilities and New Features

An authentication and access control flaw in pgAdmin 4 where two SQL Editor endpoints lacked proper authentication checks, enabling unauthorized access and creating deserialization risk.

cvefeed high severityNews

Jun 18, 2026

CVE-2026-12046 - pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution

A critical pgAdmin 4 server-mode vulnerability caused by missing authentication on two SQL Editor endpoints that can expose a deserialization path and enable remote code execution when additional prerequisites are already met.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity6

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-12046

NVD

nvd.nist.gov/vuln/detail/CVE-2026-12046

MITRE CWE · CWE-306

cwe.mitre.org