216.73.216.170

CVE-2026-2361

· Published 11/02/2026 18:16 · Modified 11/02/2026 18:16

Labels: CVE-2026-2361 2026-02-11CVE-2026-2361CWE-427f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Essential information

Published
11/02/2026 18:16
Modified
11/02/2026 18:16
Author
Creator
CVSS
8.0 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS metrics

Description

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privilege elevation can be exploited by users having the CREATE privilege in PostgreSQL 15 and later. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version because the creation permission on the public schema is granted by default. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
NVD
View on NVD

Affected products (CPE)

ProductCPE
postgresql / postgresql cpe:2.3:a:postgresql:postgresql:14:*:*:*:*:*:*:*
postgresql / postgresql cpe:2.3:a:postgresql:postgresql:15:*:*:*:*:*:*:*
postgresql / anonymizer cpe:2.3:a:postgresql:anonymizer:3.0.1:*:*:*:*:*:*:*

References