CVE-2026-2361 in PostgreSQL Anonymizerinfo

Zusammenfassung

von MITRE • 11.02.2026

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privilege elevation can be exploited by users having the CREATE privilege in PostgreSQL 15 and later. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version because the creation permission on the public schema is granted by default. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

PostgreSQL

Reservieren

11.02.2026

Veröffentlichung

11.02.2026

Moderieren

akzeptiert

Eintrag

VDB-345579

CPE

bereit

EPSS

0.00059

KEV

nein

Aktivitäten

very low

Sektor

Pharma, Chemical, ...

Quellen

MITREhttps://www.cve.org/CVERecord?id=CVE-2026-2361
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-2361
CVE Detailshttps://www.cvedetails.com/cve/CVE-2026-2361/

ZurückÜbersichtWeiter

Do you need the next level of professionalism?

Upgrade your account now!