
CVE-2026-12045 – pgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote code execution

Posted on June 19, 2026
CVE ID: CVE-2026-12045

Published: June 18, 2026, 11:37 p.m.

Description: Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execute arbitrary SQL with the privileges of the pgAdmin user's database role.

The AI Assistant’s execute_sql_query tool runs LLM-generated SQL inside a BEGIN TRANSACTION READ ONLY wrapper to prevent data modification. The LLM-supplied query was forwarded to the database driver without restriction to a single statement or to read-only verbs, so a multi-statement payload beginning with COMMIT, END, ROLLBACK, or ABORT terminated the read-only transaction and ran subsequent statements in autocommit mode. The trailing ROLLBACK then had no effect.

Delivery is via prompt injection: an attacker who can write content into any object the AI Assistant may inspect (a row, a column value, a comment) can cause the LLM to emit the multi-statement payload as a tool call. With ordinary write privileges on the pgAdmin user’s role the attacker can perform unauthorised data modification. When the pgAdmin user’s role is a PostgreSQL superuser or holds pg_execute_server_program, the chain extends to remote code execution on the database server host via COPY … TO PROGRAM.

The fix validates the LLM-supplied query up front: it must parse to exactly one non-empty, non-comment statement whose leading real token (after stripping whitespace, comments, and punctuation) is one of SELECT, WITH, EXPLAIN, SHOW, VALUES, or TABLE. Transaction-control verbs, DML, DDL, CALL, COPY, DO, SET/RESET, and everything else are rejected before any database work happens. PostgreSQL's READ ONLY mode continues to backstop data-modifying CTEs, EXPLAIN ANALYZE on writes, and volatile side effects, which a verb allow-list alone cannot catch.

This issue affects pgAdmin 4: from 9.13 before 9.16.

Severity: 9.4 | CRITICAL


🤖 AI-Generated Patch Solution

Google Gemini (gemini-2.5-flash) • CVE: CVE-2026-12045

⚠️ Vulnerability Description:


The automated NVD lookup for CVE-2026-12045 failed, so the remediation text that follows was produced without the CVE details and should be read against the description above. That description states the actual issue: a read-only transaction bypass in the pgAdmin 4 AI Assistant, reachable through prompt injection of database content the assistant reads, affecting 9.13 through 9.15 and fixed in 9.16. The attacker gains arbitrary SQL with the pgAdmin user's database role; this becomes remote code execution on the database host only when that role is a PostgreSQL superuser or a member of pg_execute_server_program.

1. IMMEDIATE ACTIONS

1. Inventory Affected Assets: Identify every pgAdmin 4 installation running 9.13 through 9.15 and the database roles its users connect with. Prioritise instances whose pgAdmin users connect as a PostgreSQL superuser or as a member of pg_execute_server_program, since those are the ones where the bypass extends to code execution on the database host.
2. Restrict Access: Until the upgrade is applied, limit who can reach the affected pgAdmin instances to essential administrators and trusted network ranges, and have privileged users avoid running the AI Assistant against databases whose content they do not fully control.
3. Review Logs for Indicators of Compromise (IoCs): Where PostgreSQL statement logging is enabled, look for pgAdmin sessions that issue COMMIT, END, ROLLBACK or ABORT immediately followed by DML, DDL, or COPY ... TO PROGRAM. On the database host, look for unexpected child processes of the PostgreSQL server, unauthorised file modifications, and outbound connections to unfamiliar addresses.
4. Prepare Incident Response Plan: Ensure your organization's incident response team is aware and on standby. Confirm communication channels and escalation paths are clear.
5. Backup Critical Data: Take backups of the databases reachable from affected pgAdmin instances and of the pgAdmin configuration, so that unauthorised modifications can be identified and reverted.

2. PATCH AND UPDATE INFORMATION

1. Monitor Vendor Advisories: The fix ships in pgAdmin 4 9.16. Follow the pgAdmin release notes and security announcements for the advisory itself and any follow-up corrections.
2. Subscribe to Security Feeds: Subscribe to reputable security news feeds, vulnerability databases (NVD once its entry for CVE-2026-12045 is populated), and industry-specific security groups for updates.
3. Plan for Immediate Patch Deployment: Upgrade affected installations to 9.16 or later, testing in a staging environment first where the urgency allows.
4. Verify Patch Application: Confirm that the running pgAdmin 4 version is 9.16 or later and that the AI Assistant rejects multi-statement queries and queries not led by SELECT, WITH, EXPLAIN, SHOW, VALUES or TABLE before any database work happens.

3. MITIGATION STRATEGIES

1. Network Segmentation: Implement strong network segmentation to isolate critical applications and databases from less trusted networks. This limits the lateral movement an attacker can achieve even if an initial compromise occurs.
2. Web Application Firewall (WAF) Rules: Deploy or update WAF rules to detect and block suspicious requests targeting common vulnerability patterns (e.

💡 AI-generated: review with a security professional before acting.