EUVD-2026-29081

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

Fixes a local vulnerability (important)

Fixed CVE-2013-3709: make the secret token file secrettoken.rb readable only for the webyast user to avoid forging the session cookie bnc851116 reported by joernchen of Phenoelit...