HIGH 7.9

GHSA-6859-2qxq-ffv2

pgadmin4 is affected by a Cross-Origin Opener Policy (COOP) vulnerability

Details

pgAdmin <= 9.7 is affected by a Cross-Origin Opener Policy (COOP) vulnerability. This vulnerability allows an attacker to manipulate the OAuth flow, potentially leading to unauthorised account access, account takeover, data breaches, and privilege escalation.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / pgadmin4

Introduced in: 0 Fixed in: 9.8

Fix pip install --upgrade 'pgadmin4>=9.8'

References

https://nvd.nist.gov/vuln/detail/CVE-2025-9636 [ADVISORY]
https://github.com/pgadmin-org/pgadmin4/issues/9114 [WEB]
https://github.com/pgadmin-org/pgadmin4/commit/cdeb18fcbb139a200b5a4779c82f9cd1aaaf3c89 [WEB]
https://github.com/pgadmin-org/pgadmin4 [PACKAGE]