FKIE_CVE-2026-2361

Vulnerability from fkie_nvd - Published: 2026-02-11 18:16 - Updated: 2026-02-12 15:11
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privilege elevation can be exploited by users having the CREATE privilege in PostgreSQL 15 and later. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version because the creation permission on the public schema is granted by default. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions
References
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007https://gitlab.com/dalibo/postgresql_anonymizer/-/blob/latest/NEWS.md
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/617
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privilege elevation can be exploited by users having the CREATE privilege in PostgreSQL 15 and later. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version because the creation permission on the public schema is granted by default. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions"
    },
    {
      "lang": "es",
      "value": "PostgreSQL Anonymizer contiene una vulnerabilidad que permite a un usuario obtener privilegios de superusuario creando una vista temporal basada en una funci\u00f3n que contiene c\u00f3digo malicioso. Cuando la funci\u00f3n anon.get_tablesample_ratio es luego llamada, el c\u00f3digo malicioso es ejecutado con privilegios de superusuario. Esta elevaci\u00f3n de privilegios puede ser explotada por usuarios que tienen el privilegio CREATE en PostgreSQL 15 y posteriores. El riesgo es mayor con PostgreSQL 14 o con instancias actualizadas desde PostgreSQL 14 o una versi\u00f3n anterior porque el permiso de creaci\u00f3n en el esquema p\u00fablico se concede por defecto. El problema est\u00e1 resuelto en PostgreSQL Anonymizer 3.0.1 y versiones posteriores."
    }
  ],
  "id": "CVE-2026-2361",
  "lastModified": "2026-02-12T15:11:02.290",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 6.0,
        "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-11T18:16:08.313",
  "references": [
    {
      "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
      "url": "https://gitlab.com/dalibo/postgresql_anonymizer/-/blob/latest/NEWS.md"
    },
    {
      "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
      "url": "https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/617"
    }
  ],
  "sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.