Description
PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash() function and collect (seed, hash_output) pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later versions.
Published: 2026-06-30
Score: 4.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PostgreSQL Anonymizer exposes the anon.hash function without any call restriction, so any masked user can invoke it repeatedly. By collecting the seed and hash output of each call, an attacker can mount an offline brute-force search to recover the secret salt and then, with the salt known, match hashed values against candidate inputs to recover unmasked data. This vulnerability allows a non-privileged user to compromise data confidentiality.

Affected Systems

The issue affects all deployed Dalibo PostgreSQL Anonymizer releases earlier than version 3.1.2. The vulnerability is fixed in 3.1.2 and later.

Risk and Exploitability

The CVSS v3.1 score of 4.3 denotes moderate (Medium) risk, and without an EPSS score the exploitation likelihood remains unclear. The vulnerability is not listed in the CISA KEV catalog, indicating no known widespread exploitation. An attacker would need direct database query access under a masked user role and would have to make repeated calls to the hash function, which may be detectable via logs. Data deanonymization is possible only if the attacker can complete the time-consuming offline search.

Generated by OpenCVE AI on June 30, 2026 at 18:21 UTC.

Remediation

Vendor Workaround

Restrict access to anon.hash() for masked users: SECURITY LABEL FOR anon ON FUNCTION anon.hash(TEXT) IS 'RESTRICTED'.
OpenCVE Recommended Actions

  • Upgrade PostgreSQL Anonymizer to version 3.1.2 or newer.
  • Apply the official workaround by restricting access to anon.hash() for masked users: SECURITY LABEL FOR anon ON FUNCTION anon.hash(TEXT) IS 'RESTRICTED'.
  • Ensure masked users lack the privilege to invoke anon.hash() and monitor database logs for repeated hash function calls.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 21:30:00 +0000

Type: First Time appeared
Values Added: Dalibo; Dalibo postgresql Anonymizer

Type: Vendors & Products
Values Added: Dalibo; Dalibo postgresql Anonymizer

Tue, 30 Jun 2026 16:30:00 +0000

Type: Metrics
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 30 Jun 2026 16:00:00 +0000

Type: Description
Values Added: PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash() function and collect (seed, hash_output) pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later versions.

Type: Title
Values Added: PostgreSQL Anonymizer: Unrestricted function can leak the secret salt

Type: Weaknesses
Values Added: CWE-328

Type: References (no values listed)

Type: Metrics
Values Added: cvssV3_1
{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

MITRE

Status: PUBLISHED

Assigner: PostgreSQL

Published:

Updated: 2026-06-30T15:57:53.085Z

Reserved: 2026-06-26T18:36:50.872Z

Link: CVE-2026-13455

Vulnrichment

Updated: 2026-06-30T15:57:14.669Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T21:15:05Z

Weaknesses