CVE-2026-7820
A flaw was found in pgadmin4. pgAdmin enforces MAXLOGINATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login view, which is registered automatically by security.initapp and is reachable on every server, never consulted the User.locked field: pgAdmin's User mode...