EUVD-2026-37964

🗓️ 19 Jun 2026 00:31:38Reported by EUVDType

SQL injection in pgAdmin 4 restore point endpoint via value field; fixed with bound parameter.

Reporter	Title	Published	Views	Family All 5
ATTACKERKB	CVE-2026-12050	18 Jun 202623:37	–	attackerkb
CVE	CVE-2026-12050	18 Jun 202623:37	–	cve
Cvelist	CVE-2026-12050 pgAdmin 4: SQL injection in named restore point endpoint	18 Jun 202623:37	–	cvelist
NVD	CVE-2026-12050	19 Jun 202600:16	–	nvd
Positive Technologies	PT-2026-50816	18 Jun 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "15f54d53-0bed-31df-baa1-597a0a4d3a89",
        "vendor": {
          "name": "pgadmin.org"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "abf33f3f-eca2-3f88-b080-9f75e5c43428",
        "product": {
          "name": "pgAdmin 4",
          "vendor": {
            "name": "pgadmin.org"
          }
        },
        "product_version": "1.0 <9.16"
      }
    ]
  }
]

Source	Link
github	www.github.com/pgadmin-org/pgadmin4/issues/10026
github	www.github.com/pgadmin-org/pgadmin4/commit/3379c39865d3ab6f52afce97361fb16bcdd77cd2
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-12050

19 Jun 2026 00:31Current

5.4Medium risk

Vulners AI Score5.4

CVSS 45.3

CVSS 3.14.3