{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-7817",
    "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
    "state": "PUBLISHED",
    "assignerShortName": "PostgreSQL",
    "dateReserved": "2026-05-04T21:26:58.879Z",
    "datePublished": "2026-05-11T14:35:51.384Z",
    "dateUpdated": "2026-05-11T16:07:55.788Z"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
        "shortName": "PostgreSQL",
        "dateUpdated": "2026-05-11T14:35:51.384Z"
      },
      "title": "pgAdmin 4: Local file inclusion and server-side request forgery in LLM API configuration endpoints",
      "datePublic": "2026-05-11T10:30:00.000Z",
      "affected": [
        {
          "vendor": "pgadmin.org",
          "product": "pgAdmin 4",
          "repo": "https://github.com/pgadmin-org/pgadmin4",
          "modules": ["AI Assistant"],
          "programFiles": [
            "https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/llm/utils.py",
            "https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/llm/__init__.py"
          ],
          "versions": [
            {"status": "affected", "version": "9.13", "lessThan": "9.15", "versionType": "custom"}
          ],
          "defaultStatus": "affected"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints.\n\nUser-supplied api_key_file and api_url preferences were passed to the LLM provider clients without validation. An authenticated user could read arbitrary server-side files by pointing api_key_file at any path readable by the pgAdmin process, or coerce pgAdmin into making requests to internal targets (e.g. cloud metadata services such as 169.254.169.254) by setting api_url, exploiting the chat path and model-list endpoints.\n\nFix restricts api_key_file to the user's private storage (server mode) or home directory (desktop mode), enforces a printable-ASCII key shape and a 1024-byte read cap, and gates api_url against a configurable allow-list (config.ALLOWED_LLM_API_URLS) at every entry point.\n\nThis issue affects pgAdmin 4: before 9.15."
        }
      ],
      "references": [
        {"url": "https://github.com/pgadmin-org/pgadmin4/issues/9900", "tags": ["issue-tracking"]}
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "Authenticated pgAdmin user. LFI is bounded to files readable by the pgAdmin process; SSRF egresses from the pgAdmin process. S:U and I:N reflect that impact stays within pgAdmin's process scope and is read-only. Network-positioning impact (e.g., reaching cloud metadata) depends on deployment topology and is not assumed in the base score."
            }
          ],
          "cvssV3_1": {
            "version": "3.1",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE",
            "baseSeverity": "MEDIUM",
            "baseScore": 6.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
          }
        },
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "Authenticated pgAdmin user. LFI is bounded to files readable by the pgAdmin process; SSRF egresses from the pgAdmin process. S:U and I:N reflect that impact stays within pgAdmin's process scope and is read-only. Network-positioning impact (e.g., reaching cloud metadata) depends on deployment topology and is not assumed in the base score."
            }
          ],
          "cvssV4_0": {
            "version": "4.0",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "baseScore": 7.1,
            "baseSeverity": "HIGH"
          }
        }
      ],
      "credits": [
        {"lang": "en", "type": "finder", "value": "j3seer"}
      ],
      "source": {"discovery": "EXTERNAL"},
      "x_generator": {"engine": "Vulnogram 0.1.0-dev"}
    },
    "adp": [
      {
        "problemTypes": [
          {
            "descriptions": [
              {"type": "CWE", "cweId": "CWE-552", "lang": "en", "description": "CWE-552 Files or Directories Accessible to External Parties"}
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "type": "ssvc",
              "content": {
                "timestamp": "2026-05-11T16:07:51.790149Z",
                "id": "CVE-2026-7817",
                "options": [
                  {"Exploitation": "none"},
                  {"Automatable": "no"},
                  {"Technical Impact": "partial"}
                ],
                "role": "CISA Coordinator",
                "version": "2.0.3"
              }
            }
          }
        ],
        "title": "CISA ADP Vulnrichment",
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-05-11T16:07:55.788Z"
        }
      }
    ]
  }
}