2 matches found
CVE-2026-12045
The CVE-2026-12045 affects pgAdmin 4 (from version 9.13 up to before 9.16) and concerns the AI Assistant read-only transaction bypass. A prompt-injection vulnerability allows an attacker who can influence content seen by the AI Assistant to craft LLM-generated SQL payloads that bypass the BEGIN T...
CVE-2026-7817
PgAdmin 4 LLM API configuration endpoints are affected by CVE-2026-7817, which exposes Local File Inclusion (LFI) and Server-Side Request Forgery (SSRF). An authenticated user can abuse api_key_file and api_url preferences to read arbitrary server-side files or trigger requests to internal target...