【Vulnerability Alert】Multiple high-risk security vulnerabilities (CVE-2026-12044 to CVE-2026-12050) exist in pgAdmin 4. Please confirm and patch them as soon as possible
Subject: 【Vulnerability Alert】Multiple high-risk security vulnerabilities (CVE-2026-12044 to CVE-2026-12050) exist in pgAdmin 4. Please confirm and patch them as soon as possible.
Description:
Forwarded from the National Information Security Analysis Center (NISAC) security alert NISAC-200-202607-00000002.
Researchers have discovered multiple high-risk security vulnerabilities (CVE-2026-12044 to CVE-2026-12050) in pgAdmin 4. The most critical one is CVE-2026-12046, an Insecure Deserialization vulnerability. When the product is running in server mode, and an attacker knows the Flask SECRET_KEY of pgAdmin and has write permissions to pgAdmin's Session directory, they can exploit this vulnerability to execute arbitrary code. Please confirm and apply the patches as soon as possible.