What is GHSA-j74f-g7vx-fh4x?

GHSA-j74f-g7vx-fh4x is a security advisory published by GitHub Security Advisories with High severity. pgAdmin 4: OS command injection vulnerability in Import/Export query export

Which CVE IDs does GHSA-j74f-g7vx-fh4x cover?

GHSA-j74f-g7vx-fh4x covers the following CVE IDs: CVE-2026-7816. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-j74f-g7vx-fh4x?

GHSA-j74f-g7vx-fh4x has a CVSS v3 base score of 8.8, published by GitHub Security Advisories.

Which products are affected by GHSA-j74f-g7vx-fh4x?

GHSA-j74f-g7vx-fh4x affects 1 product, including: pip/pgadmin4:\u003c 9.15.

GHSA-j74f-g7vx-fh4xHighCVSS 8.8

pgAdmin 4: OS command injection vulnerability in Import/Export query export

Vendor

GitHub Security Advisories

Published

May 11, 2026

Last Modified

May 18, 2026

🔗 CVE IDs covered (1)

CVE-2026-7816 →

📋 Description

OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template without sanitization. An authenticated user could inject ") TO PROGRAM 'cmd'" to break out of the \copy (...) context and achieve arbitrary command execution on the pgAdmin server, or ") TO '/path'" for arbitrary file write. Additional fields (format, on_error, log_verbosity) were also raw-interpolated and exploitable. Fix adds a parens-balance parser modeled on psql's strtokx tokenizer, allow-lists format/on_error/log_verbosity, rejects null bytes in the query, and tightens type and gating checks. This issue affects pgAdmin 4: before 9.15.

🎯 Affected products1

pip/pgadmin4:< 9.15

🔗 CVE IDs covered (1)

📋 Description

🎯 Affected products1

🔗 References (4)