CVE-2026-7816 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: May 11, 2026
pgAdmin 4 - Command Injection
Overview
pgAdmin 4 < 9.15 contains a command injection caused by unsanitized user input in the Import/Export query export \\copy metacommand template, letting authenticated users execute arbitrary commands or write files on the server, exploit requires authentication.
Severity & Score
Impact
Authenticated users can execute arbitrary commands or write files on the server, leading to full server compromise.
Mitigation
Upgrade to version 9.15 or later.
Social Media Activity(2 posts)
š CVE-2026-7816 - High (8.8) OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject ") TO PROGRAM 'cmd'... š https://www.thehackerwire.com/vulnerability/CVE-2026-7816/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-7816 - High (8.8) OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject ") TO PROGRAM 'cmd'... š https://www.thehackerwire.com/vulnerability/CVE-2026-7816/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-7816
- Severity
- High
- CVSS Score
- 8.8
- Type
- command_injection
- Status
- new
- EPSS
- 19.1%
- Social Posts
- 2
CWE
- CWE-89
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H