HarborGuard Database

Severity: CRITICAL | CNA: PostgreSQL

CVE-2026-12048: pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields) was passed verbatim through html-react-parser at every user-facing sink: the notifier toasts, FormFooterMessage / FormInput help and error areas, FormNote, ModalProvider AlertContent and confirmDelete, ToolErrorView, the Explain visualiser's NodeText panel, the SQL editor confirm dialogs, ConfirmSaveContent, PreferencesHelper modal alerts, and SelectThemes helper text. A PostgreSQL server an attacker controls, or any server returning attacker-influenced text such as a table or column name a low-privilege database user can create, could inject arbitrary HTML (including <iframe>) into the pgAdmin DOM the moment the victim's pgAdmin connected to that server or viewed an Explain plan that referenced the crafted object. The injected iframe's srcdoc could fetch attacker-served JavaScript and, by writing to parent.location, redirect the victim's top-level pgAdmin browser tab to an attacker-controlled URL. Because the injection originates from inside pgAdmin's own interface, standard anti-clickjacking controls (X-Frame-Options, Content-Security-Policy: frame-ancestors) do not mitigate it. A phishing page rendered inside the legitimate pgAdmin window is indistinguishable from a genuine pgAdmin dialog.

The fix combines three complementary layers:

  • (1) DOMPurify sanitisation is wrapped around every html-react-parser call site reachable from notifier, alert, form-error, Explain, and SQL-editor flows.
  • (2) A new plain-text rendering contract (SafeMessage / SafeHtmlMessage components plus Notifier.errorText / alertText / warningText / infoText / successText helpers) is introduced; around fifty callers across browser, tools, dashboard, debugger, misc, llm, preferences, schema diff, and the SQL editor that previously interpolated backend-derived strings are migrated to the plain-text variants.
  • (3) Backend HTML-escaping is applied at the post-connection-SQL handler (execute_post_connection_sql) via a new sanitize_external_text helper, so third-party JSON consumers (audit logs, API clients) never receive raw markup either; the Explain plan-info renderer is also patched to _.escape Recheck Cond and Exact Heap Blocks at construction (matching every sibling field), giving defence in depth even before DOMPurify runs.

This issue affects pgAdmin 4: from 6.0 before 9.16.
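As an added illustration (not pgAdmin's code), the backend escape layer described in (3) together with a defender's spot check over API or audit-log JSON: sanitize_external_text takes its name from the advisory, while escape_plan_info, find_unescaped_markup and the sample response are assumptions constructed here.

```python
import html
import re

# Added illustration for this advisory, not pgAdmin's own code: the name
# sanitize_external_text comes from the advisory, the bodies are assumed.

TAG_RE = re.compile(r"<\s*/?\s*[A-Za-z][^>]*>")  # what a raw HTML sink parses as a tag
PLAN_TEXT_FIELDS = ("Recheck Cond", "Exact Heap Blocks")  # fields named in the advisory

def sanitize_external_text(text):
    """Escape text that came back from a PostgreSQL server (ErrorResponse,
    quoted object names) so a raw HTML sink shows it as literal characters."""
    if text is None:
        return None
    return html.escape(str(text), quote=True)

def escape_plan_info(node):
    """Copy of a JSON-format EXPLAIN node with its free-text fields escaped
    at construction, recursing into child Plans; numeric fields stay numeric."""
    safe = dict(node)
    for field in PLAN_TEXT_FIELDS:
        if isinstance(safe.get(field), str):
            safe[field] = sanitize_external_text(safe[field])
    if "Plans" in safe:
        safe["Plans"] = [escape_plan_info(child) for child in safe["Plans"]]
    return safe

def find_unescaped_markup(obj, path="$"):
    """Walk an API response or audit-log record and return the JSON paths of
    every string that still carries raw tag markup (a defender's spot check)."""
    hits = []
    if isinstance(obj, dict):
        for key, val in obj.items():
            hits.extend(find_unescaped_markup(val, f"{path}.{key}"))
    elif isinstance(obj, list):
        for i, val in enumerate(obj):
            hits.extend(find_unescaped_markup(val, f"{path}[{i}]"))
    elif isinstance(obj, str) and TAG_RE.search(obj):
        hits.append(path)
    return hits

# Constructed sample: a post-connection-SQL failure quoting a crafted relation name.
SAMPLE_RESPONSE = {
    "success": 0,
    "errormsg": 'relation "<iframe srcdoc=x>" does not exist',
    "info": "Connected to server",
}
```

Running find_unescaped_markup over responses captured before and after the backend change is a quick way to confirm that no server-derived field still leaves the handler unescaped.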

Metrics

CVSS v4.0: 9.3
Severity: CRITICAL
Fixed in: 9.16
Affected Products: 1


HarborGuard Analysis

Synopsis

Stored cross-site scripting (XSS) in pgAdmin 4 affects the error-rendering and query-plan-visualization paths. An attacker reachable over the network, holding no pgAdmin credentials, needs only to control a PostgreSQL server the victim connects to, or to have created a database object with a crafted name that the victim's pgAdmin instance later renders. Successful exploitation lets the attacker inject arbitrary HTML and JavaScript into the victim's pgAdmin browser session, redirect the top-level tab to a phishing page, and read or tamper with anything visible in that session. A patched-image rebuild at version 9.16 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-12048 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds (PostgreSQL CNA) within minutes of publication and matched against customer images in connected registries and CI pipelines, including custom-built images that bundle pgAdmin 4 from version 6.0 through 9.15.
Triage: Available

HarborGuard scores this CVE at 9.3 CVSS v4 (Critical) and surfaces it with that severity in every affected environment's finding queue; per-environment compliance policy weighting can escalate or re-route the finding to the appropriate team inbox inside each customer organization.
Patch: Available

A patched-image rebuild at pgAdmin 4 version 9.16 becomes available on HarborGuard for any image found to include an affected release. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs regression tests, and opens a pull request against affected workloads; for Critical-severity issues the median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled.

Exploit Conditions

  • Network reachability: Required

    The attacker must be reachable over the network, either by operating a PostgreSQL server the victim connects to or by having planted a crafted object name on a server the victim's pgAdmin queries.

  • Authentication: Not required

    No credentials against the pgAdmin application are required; the attacker exploits the rendering path through content returned by a database server they influence.

  • Victim interaction: Required

    The victim must take an action that triggers rendering of attacker-controlled server text, such as connecting to the crafted server, loading a query result, or viewing an Explain plan that references the malicious object.

  • Attack complexity: Low

    Attack complexity is low: no race conditions or special environmental preconditions are needed; any PostgreSQL server returning attacker-influenced text reliably triggers the injection at the rendering callsite.

Blast Radius

  • Reads the victim's active pgAdmin session state, including saved server credentials and query history visible in the current tab.
  • Injects a hidden iframe that fetches and executes attacker-served JavaScript inside the legitimate pgAdmin origin; because the iframe is created from within pgAdmin's own page rather than by an external framing site, X-Frame-Options and CSP frame-ancestors controls do not apply to it.
  • Rewrites the victim's top-level browser tab to an attacker-controlled URL, enabling a phishing page rendered inside the genuine pgAdmin window that is visually indistinguishable from a real dialog.
  • Modifies or exfiltrates anything the victim's pgAdmin session can reach on connected PostgreSQL servers, because the injected script runs under the same browser origin as the pgAdmin interface.

How HarborGuard Handles This

Available on HarborGuard: images containing pgAdmin 4 below version 9.16 are flagged Critical immediately on scan. Where compliance policy permits auto-remediation, HarborGuard rebuilds the image at version 9.16 (which introduces DOMPurify sanitization at every html-react-parser callsite and the SafeMessage/SafeHtmlMessage rendering contract), runs a regression suite, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for Critical-severity issues is around 90 minutes in environments with auto-remediation enabled. For environments where auto-remediation is not enabled or a patch cannot be applied immediately, HarborGuard surfaces the finding in the compliance queue so teams can apply compensating controls such as network-policy rules restricting which PostgreSQL servers pgAdmin instances may reach, egress filtering to prevent injected iframes from fetching external scripts, and access controls limiting who can create database objects with arbitrary names on shared servers. HarborGuard re-checks the advisory on every ingest cycle, so any revision to the fix version or scope is reflected in scan results without manual intervention.


Fix available: 9.16
Patch commits
Affected packages
  • pgadmin.org / pgAdmin 4: < 9.16 (from 6.0)
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N