CVE-2026-7813 - Vulnerability Analysis
Critical | CVSS: 9.9 | Last Updated: May 11, 2026
pgAdmin 4 - Broken Access Control
Overview
pgAdmin 4 versions before 9.15 contain an authorization vulnerability caused by improper access control in server mode modules. It lets authenticated users access or modify other users' private server data and execute arbitrary commands. Exploitation requires authentication.
Severity & Score
Impact
Authenticated attackers can access or modify other users' private server data and execute arbitrary commands, leading to privilege escalation and data compromise.
Mitigation
Update to version 9.15 or later.
References
Social Media Activity (2 posts)
CVE-2026-7813 - Critical (9.9) Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. ... https://www.thehackerwire.com/vulnerability/CVE-2026-7813/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Related Resources
Details
- CVE ID: CVE-2026-7813
- Severity: Critical
- CVSS Score: 9.9
- Type: broken_access_control
- Status: new
- EPSS: 5.8%
- Social Posts: 2
CWE
- CWE-284
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H