FKIE_CVE-2026-2360

Vulnerability from fkie_nvd - Published: 2026-02-11 18:16 - Updated: 2026-02-12 15:11
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version. With PostgreSQL 15 and later, the creation permission on the public schema is revoked by default and this exploit can only be achieved if a superuser adds a new schema in her/his own search_path and grants the CREATE privilege on that schema to untrusted users, both actions being clearly discouraged by the PostgreSQL documentation. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions
References
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007https://gitlab.com/dalibo/postgresql_anonymizer/-/blob/latest/NEWS.md
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/616
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007https://www.postgresql.org/docs/current/ddl-schemas.html#DDL-SCHEMAS-PATH
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version. With PostgreSQL 15 and later, the creation permission on the public schema is revoked by default and this exploit can only be achieved if a superuser adds a new schema in her/his own search_path and grants the CREATE privilege on that schema to untrusted users, both actions being clearly discouraged by the PostgreSQL documentation. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions"
    },
    {
      "lang": "es",
      "value": "PostgreSQL Anonymizer contiene una vulnerabilidad que permite a un usuario obtener privilegios de superusuario al crear un operador personalizado en el esquema p\u00fablico y colocar c\u00f3digo malicioso en ese operador. Este operador ser\u00e1 ejecutado posteriormente con privilegios de superusuario cuando la extensi\u00f3n sea creada. El riesgo es mayor con PostgreSQL 14 o con instancias actualizadas desde PostgreSQL 14 o una versi\u00f3n anterior. Con PostgreSQL 15 y posteriores, el permiso de creaci\u00f3n en el esquema p\u00fablico es revocado por defecto y este exploit solo puede lograrse si un superusuario a\u00f1ade un nuevo esquema en su propio search_path y otorga el privilegio CREATE en ese esquema a usuarios no confiables, ambas acciones siendo claramente desaconsejadas por la documentaci\u00f3n de PostgreSQL. El problema est\u00e1 resuelto en PostgreSQL Anonymizer 3.0.1 y versiones posteriores."
    }
  ],
  "id": "CVE-2026-2360",
  "lastModified": "2026-02-12T15:11:02.290",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 6.0,
        "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-11T18:16:08.153",
  "references": [
    {
      "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
      "url": "https://gitlab.com/dalibo/postgresql_anonymizer/-/blob/latest/NEWS.md"
    },
    {
      "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
      "url": "https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/616"
    },
    {
      "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
      "url": "https://www.postgresql.org/docs/current/ddl-schemas.html#DDL-SCHEMAS-PATH"
    }
  ],
  "sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.