ByteOS Network

NVD Vulnerability Details :

CVE-2026-2361

Awaiting Analysis

Source-f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Published At-11 Feb, 2026 | 18:16

Updated At-12 Feb, 2026 | 15:11

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privilege elevation can be exploited by users having the CREATE privilege in PostgreSQL 15 and later. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version because the creation permission on the public schema is granted by default. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.0	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.0

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-427	Secondary	f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

CWE ID: CWE-427

Type: Secondary

Source: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

References

Hyperlink	Source	Resource
https://gitlab.com/dalibo/postgresql_anonymizer/-/blob/latest/NEWS.md	f86ef6dc-4d3a-42ad-8f28-e6d5547a5007	N/A
https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/617	f86ef6dc-4d3a-42ad-8f28-e6d5547a5007	N/A

Hyperlink: https://gitlab.com/dalibo/postgresql_anonymizer/-/blob/latest/NEWS.md

Source: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Resource: N/A

Hyperlink: https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/617

Source: f86ef6dc-4d3a-42ad-8f28-e6d5547a5007

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History