Description

DbGate is cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in the Electron desktop app this can escalate to local code execution because Electron is configured with nodeIntegration: true and contextIsolation: false. This issue has been patched in version 7.1.5.

INFO

Published Date :

2026-04-02T18:02:35.720Z

Last Modified :

2026-04-03T03:55:56.991Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34725 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34725.

URL Resource
https://github.com/dbgate/dbgate/commit/a7d2ed11f3f3d4dfb5d2e4e5467dedafa5fa947e cve-icon cve-icon
https://github.com/dbgate/dbgate/releases/tag/v7.1.5 cve-icon cve-icon
https://github.com/dbgate/dbgate/security/advisories/GHSA-35xm-qvjg-8m42 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact