CVE-2026-7819 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: May 11, 2026
pgAdmin 4 - Path Traversal
Overview
pgAdmin 4 < 9.15 contains a symbolic-link path traversal caused by improper resolution of symbolic links in file access checks, letting authenticated users write to arbitrary paths accessible by the pgAdmin process, exploit requires user authentication.
Severity & Score
Impact
Authenticated users can write to arbitrary files, potentially leading to data tampering or privilege escalation.
Mitigation
Upgrade to version 9.15 or later.
Social Media Activity(2 posts)
š CVE-2026-7819 - High (8.1) Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated u... š https://www.thehackerwire.com/vulnerability/CVE-2026-7819/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-7819 - High (8.1) Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated u... š https://www.thehackerwire.com/vulnerability/CVE-2026-7819/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-7819
- Severity
- High
- CVSS Score
- 8.1
- Type
- path_traversal
- Status
- new
- EPSS
- 4.1%
- Social Posts
- 2
CWE
- CWE-61
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H