VIR Vulnerability Intelligence Relay

CVE-2026-7814

medium
Published 2026-05-11 · Modified 2026-05-18
CVSS v3
4.8
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CVSS v2
VIR risk
4.8

Description

pgAdmin 4: Stored cross-site scripting (XSS) vulnerability in Browser Tree and Explain Visualizer modules

Predictions

Exploit likelihood
58%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2026-7814.html

vendor Authored 2026-05-27

Vendor advisory: 134c704f-9b21-4f2e-91b3-4a467353bcc0 — https://github.com/pgadmin-org/pgadmin4/issues/9865

vendor Authored 2026-05-27

Vendor advisory: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 — https://github.com/pgadmin-org/pgadmin4/pull/9865

OS impact
OSVersionStatusFixed in
suse slesaffected

Package impact
EcosystemPackageVulnerableFixed
python PyPIpgadmin4<9.159.15
PIPpgadmin4< 9.159.15

Application impact
VendorProductVersionsFixed
pgadminpgadmin_4{"startIncluding":"6.9","endExcluding":"9.15"}9.15

References

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.