Description

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privilege elevation can be exploited by users having the CREATE privilege in PostgreSQL 15 and later. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version because the creation permission on the public schema is granted by default. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions

INFO

Published Date :

2026-02-11T17:48:03.805Z

Last Modified :

2026-02-11T18:24:03.242Z

Source :

PostgreSQL
AFFECTED PRODUCTS

The following products are affected by CVE-2026-2361 vulnerability.

Vendors Products
Dalibo
  • Postgresql Anonymizer
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-2361.

URL Resource
https://gitlab.com/dalibo/postgresql_anonymizer/-/blob/latest/NEWS.md cve-icon cve-icon
https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/617 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact