{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12047", "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "state": "PUBLISHED", "assignerShortName": "PostgreSQL", "dateReserved": "2026-06-11T20:40:07.824Z", "datePublished": "2026-06-18T23:37:39.657Z", "dateUpdated": "2026-06-22T19:14:24.816Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL", "dateUpdated": "2026-06-18T23:37:39.657Z"}, "title": "pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text", "affected": [{"vendor": "pgadmin.org", "product": "pgAdmin 4", "repo": "https://github.com/pgadmin-org/pgadmin4", "modules": ["Cloud Deployment", "Cloud RDS", "Cloud Azure", "Cloud Google"], "programFiles": ["https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/misc/cloud/__init__.py", "https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/misc/cloud/rds/__init__.py", "https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/misc/cloud/azure/__init__.py", "https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/misc/cloud/google/__init__.py", "https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/misc/cloud/static/js/CloudWizard.jsx"], "versions": [{"status": "affected", "version": "6.6", "lessThan": "9.16", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "HTML injection in pgAdmin 4's cloud deployment module. The verify_credentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text \u2014 and the related file-resolution and database-commit exception text \u2014 into the JSON response body (the info and errormsg fields) without HTML-encoding. The Cloud Wizard frontend rendered these strings through html-react-parser, so an attacker-influenced exception message embedded structural HTML directly into the wizard's DOM.\n\nThe reported entry point is /rds/verify_credentials/. An authenticated pgAdmin user submits a crafted access_key whose value contains an <iframe/src=...> payload; AWS STS rejects the credential with an IncompleteSignature exception whose text quotes the access_key verbatim; the pgAdmin backend forwards that text into the JSON info field; the Cloud Wizard's FormFooterMessage parses it as HTML. The browser fetches the iframe's src from an attacker-controlled host, and JavaScript executing inside the cross-origin iframe writes to parent.location, redirecting the victim's pgAdmin tab. Because the injection renders inside pgAdmin's own interface, X-Frame-Options and Content-Security-Policy frame-ancestors do not mitigate it. Baseline impact is self-targeted (the same user who supplied the payload sees the injection); escalation against other authenticated users requires an additional cross-site request-forgery primitive capable of submitting the malformed credential request with a valid X-pgA-CSRFToken in the victim's browser context.\n\nThe same unsanitised-error-into-JSON pattern was present across multiple sibling endpoints \u2014 Azure's check_cluster_name_availability, every Google endpoint that surfaces SDK errors (verification_ack, projects, regions, instance_types, database_versions, the verify_credentials path-resolution branches), the central /deploy endpoint that bubbles str(e) from deploy_on_rds / deploy_on_azure / deploy_on_google, and update_cloud_server which surfaces the str(e) from a failing db.session.commit \u2014 all of which are now covered.\n\nFix HTML-escapes every external/SDK exception string at the endpoint sink via a new shared sanitize_external_text helper (HTML escape with control-character strip), promoted out of the psycopg3 driver into web/pgadmin/utils/text_sanitize.py. The Cloud Wizard frontend additionally renders its FormFooterMessage in plain-text mode for backend-derived strings, so the value is never parsed as HTML even if a future sink forgets the escape.\n\nThis issue affects pgAdmin 4: from 6.6 before 9.16."}], "references": [{"url": "https://github.com/pgadmin-org/pgadmin4/issues/10069", "tags": ["issue-tracking"]}, {"url": "https://github.com/pgadmin-org/pgadmin4/commit/60d149864b5fdd99675754c7996637737a24fce3", "tags": ["patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "Self-XSS only. The same authenticated pgAdmin user that submits the crafted cloud credential is the one whose browser renders the echoed error -- there is no third-party attacker driving a distinct victim, so the confused-deputy elements (S:C / C:H confidentiality uplift) do not apply. The frontend DOMPurify layer added by #10068 already neutralises the in-browser exploit; this fix is defence in depth that ensures non-browser JSON consumers (audit logs, scripted API clients) never see the raw markup either. Scored as I:L for that residual escape only; S:U because no authority is crossed.\n\nCross-user escalation would require an independent CSRF primitive capable of submitting the malformed credential request with a valid X-pgA-CSRFToken in the victim's browser context. That is not part of this defect."}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "LOW", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "Same reasoning as CVSS 3.1 -- self-XSS, no third-party attacker, no scope change. VI:L for the defence-in-depth backend escape that prevents the raw markup from reaching non-browser API consumers; no other impact."}], "cvssV4_0": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseScore": 4.8, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}, {"lang": "en", "description": "CWE-116 Improper Encoding or Escaping of Output", "cweId": "CWE-116", "type": "CWE"}]}], "credits": [{"lang": "en", "value": "Fernando Bortotti <fernando.bortotti@bsd.com.br>", "type": "finder"}, {"lang": "en", "value": "Ashesh Vashi <ashesh.vashi@enterprisedb.com>", "type": "remediation developer"}], "source": {"discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-22T19:13:58.685569Z", "id": "CVE-2026-12047", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-22T19:14:24.816Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-12047", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-22T19:13:58.685569Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-22T19:14:20.566Z"}}], "cna": {"title": "pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Fernando Bortotti <fernando.bortotti@bsd.com.br>"}, {"lang": "en", "type": "remediation developer", "value": "Ashesh Vashi <ashesh.vashi@enterprisedb.com>"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "Self-XSS only. The same authenticated pgAdmin user that submits the crafted cloud credential is the one whose browser renders the echoed error -- there is no third-party attacker driving a distinct victim, so the confused-deputy elements (S:C / C:H confidentiality uplift) do not apply. The frontend DOMPurify layer added by #10068 already neutralises the in-browser exploit; this fix is defence in depth that ensures non-browser JSON consumers (audit logs, scripted API clients) never see the raw markup either. Scored as I:L for that residual escape only; S:U because no authority is crossed.\n\nCross-user escalation would require an independent CSRF primitive capable of submitting the malformed credential request with a valid X-pgA-CSRFToken in the victim's browser context. That is not part of this defect."}]}, {"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en", "value": "Same reasoning as CVSS 3.1 -- self-XSS, no third-party attacker, no scope change. VI:L for the defence-in-depth backend escape that prevents the raw markup from reaching non-browser API consumers; no other impact."}]}], "affected": [{"repo": "https://github.com/pgadmin-org/pgadmin4", "vendor": "pgadmin.org", "modules": ["Cloud Deployment", "Cloud RDS", "Cloud Azure", "Cloud Google"], "product": "pgAdmin 4", "versions": [{"status": "affected", "version": "6.6", "lessThan": "9.16", "versionType": "custom"}], "programFiles": ["https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/misc/cloud/__init__.py", "https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/misc/cloud/rds/__init__.py", "https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/misc/cloud/azure/__init__.py", "https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/misc/cloud/google/__init__.py", "https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/misc/cloud/static/js/CloudWizard.jsx"], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/pgadmin-org/pgadmin4/issues/10069", "tags": ["issue-tracking"]}, {"url": "https://github.com/pgadmin-org/pgadmin4/commit/60d149864b5fdd99675754c7996637737a24fce3", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "HTML injection in pgAdmin 4's cloud deployment module. The verify_credentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text \u2014 and the related file-resolution and database-commit exception text \u2014 into the JSON response body (the info and errormsg fields) without HTML-encoding. The Cloud Wizard frontend rendered these strings through html-react-parser, so an attacker-influenced exception message embedded structural HTML directly into the wizard's DOM.\n\nThe reported entry point is /rds/verify_credentials/. An authenticated pgAdmin user submits a crafted access_key whose value contains an <iframe/src=...> payload; AWS STS rejects the credential with an IncompleteSignature exception whose text quotes the access_key verbatim; the pgAdmin backend forwards that text into the JSON info field; the Cloud Wizard's FormFooterMessage parses it as HTML. The browser fetches the iframe's src from an attacker-controlled host, and JavaScript executing inside the cross-origin iframe writes to parent.location, redirecting the victim's pgAdmin tab. Because the injection renders inside pgAdmin's own interface, X-Frame-Options and Content-Security-Policy frame-ancestors do not mitigate it. Baseline impact is self-targeted (the same user who supplied the payload sees the injection); escalation against other authenticated users requires an additional cross-site request-forgery primitive capable of submitting the malformed credential request with a valid X-pgA-CSRFToken in the victim's browser context.\n\nThe same unsanitised-error-into-JSON pattern was present across multiple sibling endpoints \u2014 Azure's check_cluster_name_availability, every Google endpoint that surfaces SDK errors (verification_ack, projects, regions, instance_types, database_versions, the verify_credentials path-resolution branches), the central /deploy endpoint that bubbles str(e) from deploy_on_rds / deploy_on_azure / deploy_on_google, and update_cloud_server which surfaces the str(e) from a failing db.session.commit \u2014 all of which are now covered.\n\nFix HTML-escapes every external/SDK exception string at the endpoint sink via a new shared sanitize_external_text helper (HTML escape with control-character strip), promoted out of the psycopg3 driver into web/pgadmin/utils/text_sanitize.py. The Cloud Wizard frontend additionally renders its FormFooterMessage in plain-text mode for backend-derived strings, so the value is never parsed as HTML even if a future sink forgets the escape.\n\nThis issue affects pgAdmin 4: from 6.6 before 9.16."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}, {"lang": "en", "type": "CWE", "cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output"}]}], "providerMetadata": {"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "shortName": "PostgreSQL", "dateUpdated": "2026-06-18T23:37:39.657Z"}}}, "cveMetadata": {"cveId": "CVE-2026-12047", "state": "PUBLISHED", "dateUpdated": "2026-06-22T19:14:24.816Z", "dateReserved": "2026-06-11T20:40:07.824Z", "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "datePublished": "2026-06-18T23:37:39.657Z", "assignerShortName": "PostgreSQL"}, "dataVersion": "5.2"}

{}

{"bugzilla": {"description": "pgadmin4: pgAdmin 4: HTML injection via unsanitized SDK exception messages in cloud deployment module", "id": "2490626", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490626"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-79", "details": ["A flaw was found in pgAdmin 4. An authenticated pgAdmin user can exploit an HTML injection vulnerability in the cloud deployment module. By submitting a crafted input that triggers an SDK exception, an attacker can embed structural HTML directly into the Cloud Wizard's interface. This can lead to client-side redirection or the execution of arbitrary code within the user's browser, potentially enabling information disclosure or further attacks."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-12047", "public_date": "2026-06-18T23:37:39Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-12047\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-12047\nhttps://github.com/pgadmin-org/pgadmin4/commit/60d149864b5fdd99675754c7996637737a24fce3\nhttps://github.com/pgadmin-org/pgadmin4/issues/10069"], "statement": "Moderate: An HTML injection vulnerability in pgAdmin 4's cloud deployment module allows an authenticated user to embed malicious HTML into the Cloud Wizard interface. This flaw, triggered by crafted input causing an SDK exception, can lead to client-side redirection or arbitrary code execution within the user's browser. While primarily self-targeted, it poses a risk of information disclosure and requires user authentication for exploitation.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[6.6,9.16)"}}], "enrichment": {"confidence": 89.0, "confidence_source": "matching", "scores": [{"score": 89.0, "source": "matching"}]}, "original": {"product": "pgAdmin 4", "source": "cna", "vendor": "pgadmin.org"}, "product": "pgadmin_4", "vendor": "pgadmin"}], "created": "2026-06-19T02:00:10.213644+00:00", "updated": "2026-06-24T20:30:04.382284+00:00", "vendors": ["pgadmin", "pgadmin$PRODUCT$pgadmin_4"]}