PT-2026-6603 · Pgadmin · Pgadmin

Akshay-Joshi · Published 2026-02-05 · Updated 2026-02-06 · CVE-2026-1707

CVSS v3.1: 7.4 High

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

pgAdmin version 9.11

Description

pgAdmin version 9.11 is susceptible to a restriction bypass issue during restore operations when running in server mode and processing PLAIN-format dump files. An attacker with access to the pgAdmin web interface can potentially extract the restrict key during an active restore operation. This allows the attacker to race the restore process by overwriting the restore script with a payload that re-enables meta-commands using \unrestrict <key>, leading to potential command execution on the pgAdmin host during the restore operation. The vulnerable operation involves restoring from PLAIN-format dump files.

Recommendations

Apply a fix or update to a version newer than 9.11. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

IDOR

Improper Access Control

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2026-02533
CVE-2026-1707
GHSA-3P7X-94Q9-JQ9X

Affected Products

Pgadmin