pgAdmin 4 v9.16 Patches Seven Vulnerabilities Including SQL Injection and AI Assistant RCE Risk
pgAdmin 4 version 9.16 fixes seven security flaws (CVE-2026-12044–12050), including a critical SQL injection in dialog templates and a prompt injection in the AI Assistant that could enable remote code execution via PostgreSQL's COPY TO PROGRAM.

The open-source PostgreSQL administration tool pgAdmin 4 has released version 9.16, addressing seven security vulnerabilities tracked as CVE-2026-12044 through CVE-2026-12050. The update, which also includes 64 bug fixes and several new features, is critical for the many enterprise and cloud deployments that rely on pgAdmin for database management.
Among the most severe flaws is CVE-2026-12044, an SQL injection vulnerability affecting sixteen dialog templates where user-controlled input was not properly sanitized. The issue has been resolved by switching to safer query handling methods and proper casting mechanisms. Another high-impact vulnerability, CVE-2026-12045, targets the AI Assistant feature. Attackers could exploit prompt injection to bypass read-only transaction restrictions, execute multi-statement payloads, and potentially achieve remote code execution through PostgreSQL's "COPY TO PROGRAM" capability when connected with elevated privileges.
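The defensive lesson from the AI Assistant flaw is that a "read-only" promise made in a prompt is not a security boundary: the query the model emits must be checked and run under database-enforced restrictions. The following is an added example (not pgAdmin code) of two such layers in Python: a single-statement, read-only allowlist check on the SQL text, and a session-level read-only setting that blocks writes even if the text check is fooled. It uses sqlite3 and `PRAGMA query_only` as an offline stand-in for PostgreSQL, where the equivalent is `SET TRANSACTION READ ONLY` on a connection that does not hold superuser or `pg_execute_server_program` rights; the table, data and the "injected" query strings are constructed for the demo.

```python
"""Added example, not pgAdmin's code: enforce read-only SQL for an LLM
assistant at the database layer, not in the prompt.

Assumptions (mine, not the page's): sqlite3 with PRAGMA query_only stands in
for PostgreSQL's SET TRANSACTION READ ONLY; the demo data is constructed."""
import sqlite3

# Statement types allowed from the assistant. Note that on PostgreSQL a
# WITH ... DELETE/UPDATE is also data-modifying, which is exactly why the
# database-level read-only setting below is the control that actually matters.
READ_ONLY_STARTS = ("select", "with", "explain")


def split_statements(sql: str) -> list[str]:
    """Split on ';' outside single/double quotes. Comments and dollar quoting
    are not handled; this is defence in depth, not the only control."""
    stmts, buf, quote = [], [], None
    for ch in sql:
        if quote:
            buf.append(ch)
            if ch == quote:
                quote = None
        elif ch in ("'", '"'):
            quote = ch
            buf.append(ch)
        elif ch == ";":
            stmts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    stmts.append("".join(buf))
    return [s.strip() for s in stmts if s.strip()]


def check_read_only(sql: str) -> str:
    """Reject multi-statement payloads and anything that is not a read."""
    stmts = split_statements(sql)
    if len(stmts) != 1:
        raise ValueError(f"expected exactly one statement, got {len(stmts)}")
    first = stmts[0].split(None, 1)[0].lower()
    if first not in READ_ONLY_STARTS:
        raise ValueError(f"statement type {first!r} not allowed in read-only mode")
    return stmts[0]


def run_assistant_query(conn: sqlite3.Connection, sql: str) -> list:
    """Run one checked statement with writes disabled at the session level."""
    stmt = check_read_only(sql)
    conn.execute("PRAGMA query_only = 1")  # stand-in for SET TRANSACTION READ ONLY
    try:
        # sqlite3's execute() also refuses more than one statement per call,
        # a third layer should the splitter above ever be bypassed.
        return conn.execute(stmt).fetchall()
    finally:
        conn.execute("PRAGMA query_only = 0")


def write_blocked_at_db_layer(conn: sqlite3.Connection) -> bool:
    """Show that the session setting alone stops a write (True = blocked)."""
    conn.execute("PRAGMA query_only = 1")
    try:
        conn.execute("DELETE FROM accounts")
        return False
    except sqlite3.OperationalError:
        return True
    finally:
        conn.execute("PRAGMA query_only = 0")


def make_demo_db() -> sqlite3.Connection:
    """Constructed demo table; not real data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE accounts(id INTEGER PRIMARY KEY, owner TEXT);"
        "INSERT INTO accounts VALUES (1, 'alice'), (2, 'bob');"
    )
    return conn


def demo() -> dict:
    """Run a legitimate query and two constructed injected ones."""
    conn = make_demo_db()
    out = {"legit": run_assistant_query(conn, "SELECT count(*) FROM accounts")}
    for label, sql in {"multi": "SELECT 1; DELETE FROM accounts",
                       "write": "DELETE FROM accounts"}.items():
        try:
            run_assistant_query(conn, sql)
            out[label] = "ran"
        except ValueError:
            out[label] = "rejected"
    out["db_layer"] = write_blocked_at_db_layer(conn)
    out["rows_left"] = conn.execute("SELECT count(*) FROM accounts").fetchone()[0]
    return out


if __name__ == "__main__":
    print(demo())
```

The text check catches the obvious cases; the session-level setting is what holds when the model produces something the splitter does not understand. On PostgreSQL, keep the assistant's role unprivileged as well, since `COPY TO PROGRAM` is only reachable by superusers or members of `pg_execute_server_program`.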
Authentication and access control weaknesses were also patched. CVE-2026-12046 exposed two SQL Editor endpoints that lacked proper authentication checks, allowing unauthorized access and introducing a deserialization risk. The fix ensures all endpoints now enforce required login validation. Additionally, CVE-2026-12048 is a stored cross-site scripting (XSS) vulnerability that allowed malicious scripts embedded in PostgreSQL error messages or query plans to execute within the pgAdmin interface, potentially leading to credential theft and unauthorized database operations.
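Stored XSS through error messages and query plans comes from treating text returned by the database as markup. The following added example (not pgAdmin's own code) shows the vulnerable and the hardened rendering pattern in Python with the standard library's `html.escape`; the error string and plan lines are constructed for the demo. The same rule applies in any front end: database output, including the SDK error text in cloud integrations, is data and must be escaped or inserted as text, never as HTML.

```python
"""Added example, not pgAdmin's code: render database-supplied text
(error messages, EXPLAIN output) so the browser shows it instead of
executing it. Inputs below are constructed for the demo."""
import html

# Constructed: PostgreSQL quotes identifiers verbatim in error text, so an
# object name chosen by an untrusted user can carry markup into the message.
CONSTRUCTED_ERROR = 'ERROR:  relation "<script>alert(1)</script>" does not exist'
CONSTRUCTED_PLAN = [
    "Seq Scan on orders  (cost=0.00..1.20 rows=20 width=36)",
    "  Filter: (note = '<b>x</b>'::text)",
]


def render_error_unsafe(message: str) -> str:
    """Vulnerable pattern: the message is inserted into the page as HTML."""
    return f"<div class='pg-error'>{message}</div>"


def render_error_safe(message: str) -> str:
    """Fixed pattern: escape <, >, &, and quotes so the text is displayed."""
    return f"<div class='pg-error'>{html.escape(message)}</div>"


def render_plan_safe(plan_lines: list[str]) -> str:
    """EXPLAIN output is data too: escape each line before wrapping it."""
    rows = "".join(f"<div class='plan-row'>{html.escape(line)}</div>" for line in plan_lines)
    return f"<pre class='plan'>{rows}</pre>"


if __name__ == "__main__":
    print(render_error_unsafe(CONSTRUCTED_ERROR))
    print(render_error_safe(CONSTRUCTED_ERROR))
    print(render_plan_safe(CONSTRUCTED_PLAN))
```

Escaping at the point of rendering is the durable fix; a content security policy that disallows inline scripts limits the impact if a rendering path is missed.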
Other resolved issues include CVE-2026-12047, an HTML injection flaw in cloud deployment integrations where unsanitized SDK error messages were rendered in the browser; CVE-2026-12049, an open redirect vulnerability in multi-factor authentication flows; and CVE-2026-12050, an SQL injection flaw in the restore point functionality. Both SQL injection flaws stemmed from user input being inserted into SQL queries without proper parameterization.
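The two SQL injection fixes described on this page (safer query handling and casting for the dialog templates, parameterization for the restore point code) come down to two patterns. The following added example (not pgAdmin's code) shows them in Python: the vulnerable string-splicing form next to the cast-then-bind form for values, and a catalogue check plus identifier quoting for object names, which cannot be bound as parameters. It uses sqlite3 so it runs offline; on PostgreSQL with psycopg the same roles are played by bound parameters and `psycopg2.sql.Identifier` (or `quote_ident()`). The table, rows and injected input strings are constructed.

```python
"""Added example, not pgAdmin's code: the query-building patterns behind
SQL injection bugs of the kind fixed in 9.16, and the fixes the page names.

Assumptions (mine): sqlite3 stands in for PostgreSQL; demo data is constructed."""
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """Constructed demo table; not real data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER);"
        "INSERT INTO users VALUES (1, 'alice', 1), (2, 'bob', 0);"
    )
    return conn


def user_name_unsafe(conn: sqlite3.Connection, user_id: str) -> list[str]:
    """Vulnerable pattern: the value is spliced into the SQL text, so a
    crafted value changes the query instead of being compared against id."""
    rows = conn.execute(f"SELECT name FROM users WHERE id = {user_id}")
    return [r[0] for r in rows]


def user_name_safe(conn: sqlite3.Connection, user_id: str) -> list[str]:
    """Fixed pattern: cast to the expected type first (anything that is not
    an integer is rejected), then bind it as a parameter so the driver never
    lets it alter the statement."""
    uid = int(user_id)
    rows = conn.execute("SELECT name FROM users WHERE id = ?", (uid,))
    return [r[0] for r in rows]


def row_count_safe(conn: sqlite3.Connection, table: str) -> int:
    """Identifiers cannot be bound. Check the name against the catalogue, then
    quote it (doubling embedded quotes); on PostgreSQL use psycopg's
    sql.Identifier or quote_ident() for the quoting step."""
    known = {r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")}
    if table not in known:
        raise ValueError(f"unknown table {table!r}")
    quoted = '"' + table.replace('"', '""') + '"'
    return conn.execute(f"SELECT count(*) FROM {quoted}").fetchone()[0]


def demo() -> dict:
    """Compare the patterns on a legitimate id and a constructed injected one."""
    conn = make_demo_db()
    injected = "1 OR 1=1"  # constructed: turns the WHERE clause into a tautology
    out = {
        "unsafe_legit": user_name_unsafe(conn, "1"),
        "unsafe_injected": sorted(user_name_unsafe(conn, injected)),
        "safe_legit": user_name_safe(conn, "1"),
        "count_users": row_count_safe(conn, "users"),
    }
    try:
        user_name_safe(conn, injected)
        out["safe_injected"] = "ran"
    except ValueError:
        out["safe_injected"] = "rejected by cast"
    try:
        row_count_safe(conn, 'users"; DROP TABLE users; --')
        out["bad_identifier"] = "ran"
    except ValueError:
        out["bad_identifier"] = "rejected by catalogue check"
    return out


if __name__ == "__main__":
    print(demo())
```

Casting is the right fix only when the parameter has a known scalar type; for free-form text, binding alone is what prevents the value from being parsed as SQL.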
Beyond security, pgAdmin 4 v9.16 introduces several usability enhancements. Users can now colorize panel and tab headers based on the connected server, making multi-server management more intuitive. A middle-click tab-closing feature has been added, along with improvements to OAuth2 login customization and password reset navigation. The release also includes support for new PostgreSQL storage parameters, improvements to JSON handling, and dependency upgrades, including Electron 42.3.3 and updated cryptography libraries.
The Helm chart now allows configurable container security contexts, improving deployment flexibility in Kubernetes environments. The release also enforces stricter access controls by removing a previously identified administrator role bypass and aligns SQL templates with PostgreSQL 14, the oldest supported version. Regarding deprecations, pgAgent has been officially marked for removal, and users are advised to migrate to alternative job scheduling solutions.
pgAdmin 4 version 9.16 is now available for download across multiple platforms, including Windows, macOS, Linux packages, Docker containers, and Python distributions. Organizations are strongly encouraged to upgrade promptly to mitigate the risk posed by these vulnerabilities and benefit from the latest improvements.