CVE-2026-12046 | pgAdmin 4 up to 9.15 /sqleditor/close close_sqleditor_session session['gridData'] missing authentication (Issue 10072 / WID-SEC-2026-2005)
A vulnerability classified as critical has been found in pgAdmin 4 up to 9.15. The affected element is the function close_sqleditor_session of the file /sqleditor/close. This manipulation of the argument session['gridData'] causes missing authentication.
This vulnerability is handled as CVE-2026-12046. The attack can be initiated remotely. There is not any exploit available.
It is recommended to upgrade the affected component.