
Fedora 42 pgadmin4 Update CVE-2026-40175 Remote Code Exec DoS Fix

fedora
April 23, 2026
This update fixes security issues in pgAdmin for Fedora 42 by updating axios to 1.15.0, which fixes CVE-2026-40175 and CVE-2025-62718.

Summary

pgAdmin is the most popular and feature-rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world.

Update Information:

Update axios to 1.15.0, fixes CVE-2026-40175 and CVE-2025-62718. Update to pgadmin4-9.14.

Change Log

* Tue Apr 14 2026 Sandro Mani - 9.14-3
- Add pgadmin4_CVE-2026-40175.prebundle.patch

* Thu Apr 9 2026 Sandro Mani - 9.14-2
- Rework vendor bundle, use corepack yarn

* Thu Apr 2 2026 Sandro Mani - 9.14-1
- Update to 9.14

* Thu Apr 2 2026 Sandro Mani - 9.13-2
- Refresh vendor bundle, fixes CVE-2026-4800

References


[ 1 ] Bug #2454043 - CVE-2026-4800 pgadmin4: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2454043
[ 2 ] Bug #2454310 - pgadmin4-9.14 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2454310
[ 3 ] Bug #2454886 - Query Tool crashes with React error #130 in pgAdmin 9.14 (regression from 9.13)
      https://bugzilla.redhat.com/show_bug.cgi?id=2454886
[ 4 ] Bug #2456577 - CVE-2026-39865 pgadmin4: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2456577
[ 5 ] Bug #2457505 - CVE-2025-62718 pgadmin4: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2457505
[ 6 ] Bug #2457878 - CVE-2026-40175 pgadmin4: Axios: Remote Code Execution via Prototype Pollution escalation [...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b4633cbe23' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity: important

Name: pgadmin4
Product: Fedora 42
Version: 9.14
Release: 3.fc42
Summary: Administration tool for PostgreSQL
