-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-9a4d6dd8eb 2026-03-02 00:56:30.545295+00:00 --------------------------------------------------------------------------------
Name : pgadmin4 Product : Fedora 42 Version : 9.12 Release : 2.fc42 URL : https://www.pgadmin.org/ Summary : Administration tool for PostgreSQL Description : pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world.
-------------------------------------------------------------------------------- Update Information:
Refresh vendored bundle. fixes multiple CVEs. -------------------------------------------------------------------------------- ChangeLog:
* Sat Feb 21 2026 Sandro Mani manisandro@gmail.com - 9.12-2 - Refresh vendor bundle, fixes svelte CVEs -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2439021 - CVE-2026-25639 pgadmin4: Axios affected by Denial of Service via __proto__ Key in mergeConfig [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2439021 [ 2 ] Bug #2439027 - CVE-2026-25639 pgadmin4: Axios affected by Denial of Service via __proto__ Key in mergeConfig [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2439027 [ 3 ] Bug #2441546 - CVE-2026-27125 pgadmin4: Svelte SSR attribute spreading includes inherited properties from prototype chain [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2441546 [ 4 ] Bug #2441547 - CVE-2026-27122 pgadmin4: Svelte SSR does not validate dynamic element tag names in `svelte:element` [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2441547 [ 5 ] Bug #2441548 - CVE-2026-27125 pgadmin4: Svelte SSR attribute spreading includes inherited properties from prototype chain [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2441548 [ 6 ] Bug #2441549 - CVE-2026-27121 pgadmin4: Svelte affected by cross-site scripting via spread attributes in Svelte SSR [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2441549 [ 7 ] Bug #2441550 - CVE-2026-27119 pgadmin4: Svelte affected by XSS in SSR `<option>` element [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2441550 [ 8 ] Bug #2441551 - CVE-2026-27122 pgadmin4: Svelte SSR does not validate dynamic element tag names in `svelte:element` [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2441551 [ 9 ] Bug #2441552 - CVE-2026-27121 pgadmin4: Svelte affected by cross-site scripting via spread attributes in Svelte SSR [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2441552 [ 10 ] Bug #2441553 - CVE-2026-27119 pgadmin4: Svelte affected by XSS in SSR `<option>` element [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2441553 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9a4d6dd8eb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------