{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34725", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T18:41:20.753Z", "datePublished": "2026-04-02T18:02:35.720Z", "dateUpdated": "2026-04-03T03:55:56.991Z"}, "containers": {"cna": {"title": "dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/dbgate/dbgate/security/advisories/GHSA-35xm-qvjg-8m42", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dbgate/dbgate/security/advisories/GHSA-35xm-qvjg-8m42"}, {"name": "https://github.com/dbgate/dbgate/commit/a7d2ed11f3f3d4dfb5d2e4e5467dedafa5fa947e", "tags": ["x_refsource_MISC"], "url": "https://github.com/dbgate/dbgate/commit/a7d2ed11f3f3d4dfb5d2e4e5467dedafa5fa947e"}, {"name": "https://github.com/dbgate/dbgate/releases/tag/v7.1.5", "tags": ["x_refsource_MISC"], "url": "https://github.com/dbgate/dbgate/releases/tag/v7.1.5"}], "affected": [{"vendor": "dbgate", "product": "dbgate", "versions": [{"version": ">= 7.0.0, < 7.1.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T18:02:35.720Z"}, "descriptions": [{"lang": "en", "value": "DbGate is cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in the Electron desktop app this can escalate to local code execution because Electron is configured with nodeIntegration: true and contextIsolation: false. This issue has been patched in version 7.1.5."}], "source": {"advisory": "GHSA-35xm-qvjg-8m42", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T00:00:00+00:00", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-34725"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T03:55:56.991Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34725", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-02T19:12:27.609570Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T19:12:33.702Z"}}], "cna": {"title": "dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration", "source": {"advisory": "GHSA-35xm-qvjg-8m42", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "dbgate", "product": "dbgate", "versions": [{"status": "affected", "version": ">= 7.0.0, < 7.1.5"}]}], "references": [{"url": "https://github.com/dbgate/dbgate/security/advisories/GHSA-35xm-qvjg-8m42", "name": "https://github.com/dbgate/dbgate/security/advisories/GHSA-35xm-qvjg-8m42", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/dbgate/dbgate/commit/a7d2ed11f3f3d4dfb5d2e4e5467dedafa5fa947e", "name": "https://github.com/dbgate/dbgate/commit/a7d2ed11f3f3d4dfb5d2e4e5467dedafa5fa947e", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/dbgate/dbgate/releases/tag/v7.1.5", "name": "https://github.com/dbgate/dbgate/releases/tag/v7.1.5", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "DbGate is cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in the Electron desktop app this can escalate to local code execution because Electron is configured with nodeIntegration: true and contextIsolation: false. This issue has been patched in version 7.1.5."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T18:02:35.720Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34725", "state": "PUBLISHED", "dateUpdated": "2026-04-02T19:12:36.865Z", "dateReserved": "2026-03-30T18:41:20.753Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-02T18:02:35.720Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "DbGate is cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in the Electron desktop app this can escalate to local code execution because Electron is configured with nodeIntegration: true and contextIsolation: false. This issue has been patched in version 7.1.5."}], "id": "CVE-2026-34725", "lastModified": "2026-04-03T16:10:23.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T18:16:33.253", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/dbgate/dbgate/commit/a7d2ed11f3f3d4dfb5d2e4e5467dedafa5fa947e"}, {"source": "security-advisories@github.com", "url": "https://github.com/dbgate/dbgate/releases/tag/v7.1.5"}, {"source": "security-advisories@github.com", "url": "https://github.com/dbgate/dbgate/security/advisories/GHSA-35xm-qvjg-8m42"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[7.0.0,7.1.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "dbgate", "source": "cna", "vendor": "dbgate"}, "product": "dbgate", "vendor": "dbgate"}], "analysis": {"en": {"generated_at": "2026-04-02T22:26:43.452973+00:00", "value": {"mitigation_remediation": ["Upgrade DbGate to version 7.1.5 or later. The patch removes the insecure rendering of SVG icons.", "If an upgrade is not immediately possible, remove or replace any custom SVG icons in the applicationIcon field, or use benign default icons supplied by the application.", "Review the Electron configuration in the application; if possible, enable contextIsolation and restrict nodeIntegration to mitigate future similar vulnerabilities."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "DbGate versions from 7.0.0 up to, but not including, 7.1.5 are affected.", "description_and_impact": "DbGate, a cross\u2011platform database manager, contains a stored cross\u2011site scripting flaw in its applicationIcon feature. Attackers can supply malicious SVG icon strings that are rendered as raw HTML. In the web interface this leads to script execution within any user\u2019s browser, while in the Electron desktop application the vulnerable renderer configuration (nodeIntegration:true and contextIsolation:false) enables those scripts to access the underlying Node.js runtime, thereby raising the impact to local code execution.", "risk_and_exploitability": "The vulnerability has a CVSS v3 score of 8.3, indicating high severity. EPSS data is not available and the issue is not catalogued in KEV, so the expected exploitation rate cannot be quantified from public data. The flaw can be abused through the web UI by any authenticated or unauthenticated user who can add an SVG icon, or via the desktop app by a local user who can supply a malicious icon. Because the Electron renderer has disabled isolation, the attack readily gains full access to the system the application runs on, making it a near\u2011certain vector once the precondition of a custom icon is met."}}}}, "created": "2026-04-03T07:32:05.347986+00:00", "updated": "2026-04-03T09:17:05.121956+00:00", "vendors": ["dbgate", "dbgate$PRODUCT$dbgate"]}