3 matches found
pgAdmin 9.x < 9.16 Read-Only Transaction Bypass (CVE-2026-12045)
The version of pgAdmin installed on the remote host is 9.x prior to 9.16. It is, therefore, affected by a read-only transaction bypass vulnerability: - The AI Assistant's executesqlquery tool accepts multi-statement payloads. A single COMMIT followed by a write-statement terminates the enclosing...
CVE-2026-12045
Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role. The AI Assistant's executesqlquery tool runs LLM-generated SQL inside a BEGIN...
PT-2026-50811
Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 9.13 through 9.15 Description A read-only transaction bypass exists in the pgAdmin 4 AI Assistant, allowing an attacker who can influence database content read by the assistant to execute arbitrary SQL with the privileges of...