CVE-2026-2361

HIGH SEVERITY

CVSS Score & Metrics

Base Score

8.0 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H                                    

Vulnerability Description

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privilege elevation can be exploited by users having the CREATE privilege in PostgreSQL 15 and later. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version because the creation permission on the public schema is granted by default. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions

Vulnerability Details

Published Date

February 11, 2026

Last Modified

February 12, 2026

CWE ID

CWE-427

Source

NVD

External References

https://gitlab.com/dalibo/postgresql_anonymizer/-/blob/latest/NEWS.md
https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/617

CVE-2026-2361

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment