CVE-2026-7815 | pgAdmin 4 up to 9.14 sql injection

A vulnerability classified as critical has been found in pgAdmin 4 up to 9.14. This impacts an unknown function. Performing a manipulation of the argument buffer_usage_limit/vacuum_parallel/vacuum_index_cleanup/reindex_tablespace results in sql injection.

This vulnerability was named CVE-2026-7815. The attack may be initiated remotely. There is no available exploit.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More