216.73.216.174

CVE-2026-11945

· Published 11/06/2026 19:16 · Modified 11/06/2026 20:56 · Author: The MITRE Corporation

Labels: CVE-2026-11945 2026-06-11CVE-2026-11945CWE-89f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Essential information

Published
11/06/2026 19:16
Modified
11/06/2026 20:56
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CWE-89
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the import_database_rules() or import_roles_rules() functions, the malicious code is executed with superuser privileges. The problem is resolved in PostgreSQL Anonymizer 3.1.1 and further versions

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
NVD
View on NVD

Affected products (CPE)

ProductCPE
postgresql / anonymizer cpe:2.3:a:postgresql:anonymizer:3.1.1:*:*:*:*:*:*:*
postgresql / anonymizer cpe:2.3:a:postgresql:anonymizer:*:*:*:*:*:*:*:*

References