Lucene search
K

pgAdmin < 9.16 HTML Injection (CVE-2026-12047)

🗓️ 24 Jun 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 8 Views

HTML injection in pgAdmin before 9.16 allows authenticated users to inject markup via unencoded text.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-12047
18 Jun 202623:37
attackerkb
CVE
CVE-2026-12047
18 Jun 202623:37
cve
Cvelist
CVE-2026-12047 pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text
18 Jun 202623:37
cvelist
EUVD
EUVD-2026-37967
19 Jun 202600:31
euvd
Fedora
[SECURITY] Fedora 43 Update: pgadmin4-9.16-1.fc43
28 Jun 202601:10
fedora
Fedora
[SECURITY] Fedora 44 Update: pgadmin4-9.16-1.fc44
28 Jun 202600:58
fedora
Tenable Nessus
Fedora 43 : pgadmin4 (2026-5938be3b09)
28 Jun 202600:00
nessus
Tenable Nessus
Fedora 44 : pgadmin4 (2026-c248414214)
28 Jun 202600:00
nessus
NVD
CVE-2026-12047
19 Jun 202600:16
nvd
Positive Technologies
PT-2026-50813
18 Jun 202600:00
ptsecurity
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(322421);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/02");

  script_cve_id("CVE-2026-12047");

  script_name(english:"pgAdmin < 9.16 HTML Injection (CVE-2026-12047)");

  script_set_attribute(attribute:"synopsis", value:
"The pgAdmin instance installed on the remote host is affected by an HTML injection vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of pgAdmin installed on the remote host is prior to 9.16. It is, therefore, affected by
an HTML injection vulnerability:

  - Cloud deployment endpoints forward SDK exception text directly into JSON fields without
    HTML-encoding. The Cloud Wizard frontend renders these responses through html-react-parser,
    allowing an authenticated user to inject markup into the wizard panel. (CVE-2026-12047)

Note that Nessus has not tested for this issue but has instead relied only on the application's
self-reported version number.");
  # https://github.com/pgadmin-org/pgadmin4/blob/REL-9_16/docs/en_US/release_notes_9_16.rst
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?58802d4b");
  script_set_attribute(attribute:"see_also", value:"https://github.com/pgadmin-org/pgadmin4/issues/10069");
  script_set_attribute(attribute:"solution", value:
"Upgrade pgAdmin to version 9.16 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-12047");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:postgresql:pgadmin_4");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("postgresql_pgadmin4_macos_installed.nbin", "postgresql_pgadmin4_win_installed.nbin");
  script_require_keys("installed_sw/PostgreSQL pgAdmin4");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'checks': [
    {
      'product': {'name': 'PostgreSQL pgAdmin4', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'min_version': '6.6', 'fixed_version': '9.16'}
      ]
    }
  ]
};

var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_WARNING, flags:{"xss": "TRUE"});
vdf::handle_check_and_report_errors(vdf_result:result);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Jul 2026 00:00Current
6Medium risk
Vulners AI Score6
CVSS 3.13.5 - 5.4
CVSS 44.8
EPSS0.00137
SSVC
8