A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:HPgadmin
APPPgadmin< 7.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2026-12048CRITICAL9.3ten sam vendor
Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a P...
CVE-2026-12046CRITICAL9.5ten sam vendor
Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/<trans_id> and POS...
CVE-2026-12045CRITICAL9.4ten sam vendor
Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database conte...
CVE-2026-7813CRITICAL9.4PL ✓ten sam vendor
pgAdmin 4: nieautoryzowany dostęp i privilege escalation w trybie serwerowym
CVE-2025-13780CRITICAL9.1PL ✓ten sam vendor
RCE w pgAdmin 4 poprzez złośliwe pliki dump w trybie serwerowym