Description
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privilege elevation can be exploited by users having the CREATE privilege in PostgreSQL 15 and later. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version because the creation permission on the public schema is granted by default. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and later versions.
Published: 2026-02-11
Score: 8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

PostgreSQL Anonymizer allows a user with CREATE privilege to escalate to superuser. The attacker creates a temporary view whose definition calls a function containing malicious code. anon.get_tablesample_ratio runs with superuser rights but does not protect its search_path (CWE-427, as the advisory title states), so when it is invoked it resolves the attacker's temporary object instead of the intended one and the malicious code executes as superuser. The result is full control of the database instance: the attacker can exfiltrate data, modify data, and disrupt services.
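The pattern behind this class of bug, as an added illustration that is not PostgreSQL Anonymizer's code and not the advisory's exploit: a superuser-owned SECURITY DEFINER function that names a relation without a schema and without pinning search_path, shadowed from a low-privilege session by a temporary view. All object and role names (app, lowpriv, row_counts, probe_log, mark) are hypothetical, and the "malicious" function only records which identity it ran under. The hardened version at the end applies the fix PostgreSQL's documentation recommends for SECURITY DEFINER functions.

```sql
-- Added illustration of CWE-427 in a SECURITY DEFINER function (hypothetical names;
-- not PostgreSQL Anonymizer's code and not the advisory's exploit). Run as superuser.

-- 1. Set-up: a role that can create objects in public (the PG14 default, or an explicit
--    grant on PG15+), a table, a probe table, and a superuser-owned SECURITY DEFINER
--    function that references the table WITHOUT a schema and WITHOUT pinning search_path.
CREATE ROLE lowpriv LOGIN;
GRANT CREATE ON SCHEMA public TO lowpriv;        -- already implicit on PG14 and earlier
CREATE SCHEMA app;
CREATE TABLE public.row_counts (relname text, n bigint);
INSERT INTO public.row_counts VALUES ('t1', 10), ('t2', 32);
CREATE TABLE public.probe_log (who text, at timestamptz DEFAULT now());
GRANT SELECT, INSERT ON public.probe_log TO PUBLIC;

CREATE FUNCTION app.report_rows() RETURNS bigint
LANGUAGE sql SECURITY DEFINER AS $$
  SELECT coalesce(sum(n), 0) FROM row_counts;    -- resolved through the CALLER's search_path
$$;
GRANT USAGE ON SCHEMA app TO PUBLIC;
GRANT EXECUTE ON FUNCTION app.report_rows() TO PUBLIC;

-- 2. The low-privilege session. pg_temp is searched before every other schema for
--    relations, so a temporary view named row_counts shadows the real table when the
--    definer's query runs. The function the view calls executes under the definer's
--    identity; here it only records that identity instead of doing anything harmful.
SET ROLE lowpriv;
CREATE FUNCTION public.mark() RETURNS bigint LANGUAGE sql AS $$
  INSERT INTO public.probe_log (who) VALUES (current_user) RETURNING 1;
$$;
CREATE TEMP VIEW row_counts AS SELECT public.mark() AS n;
SELECT app.report_rows();                         -- returns 1 (the view's single row)
SELECT who FROM public.probe_log;                 -- shows the superuser's name, not 'lowpriv'
RESET ROLE;

-- 3. Hardened form, the pattern PostgreSQL's docs recommend for SECURITY DEFINER:
--    pin search_path on the function with pg_temp LAST, and schema-qualify references.
CREATE OR REPLACE FUNCTION app.report_rows() RETURNS bigint
LANGUAGE sql SECURITY DEFINER
SET search_path = pg_catalog, public, pg_temp AS $$
  SELECT coalesce(sum(n), 0) FROM public.row_counts;
$$;

-- 4. Same attacker session, same temporary view: it is no longer consulted.
SET ROLE lowpriv;
SELECT app.report_rows();                         -- returns 42 (10 + 32 from the real table)
SELECT count(*) FROM public.probe_log;            -- still 1: mark() did not run again
RESET ROLE;
```

Two points carry over to the advisory's remediation list: the attacker needed CREATE on a schema in the search_path to plant public.mark(), which is what revoking CREATE on public removes, and pinning search_path on the definer function is what makes the temporary view irrelevant regardless of who calls it.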

Affected Systems

Deployments of DALIBO PostgreSQL Anonymizer 2.5 (the release named in the advisory title) and other releases prior to 3.0.1. The vulnerability is in the extension, not in PostgreSQL itself, but the PostgreSQL major version changes who can exploit it. On PostgreSQL 15 and later, CREATE on the public schema is no longer granted to every role by default, so an attacker needs a role that has been granted CREATE on some schema. On PostgreSQL 14 and earlier, and on instances upgraded from 14 or earlier (the upgrade keeps the old grant), every role holds CREATE on public by default, so any database user can exploit it.

Risk and Exploitability

The CVSS 3.1 base score is 8.0 (High), vector AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H: network-reachable, changed scope, and high impact on confidentiality, integrity and availability. The EPSS score is below 1%, the vulnerability is not listed in the CISA KEV catalog, and the SSVC assessment records no known exploitation and rates it as not automatable. The attacker must already hold a database role with CREATE privilege, whether an insider or an outsider connecting remotely with obtained credentials; on PostgreSQL 14 or on upgraded instances every role has that privilege on public by default. A successful attack yields superuser and therefore full compromise of the database instance.

Generated by OpenCVE AI on April 18, 2026 at 12:39 UTC.

Remediation

Vendor Workaround

Drop the anon.get_tablesample_ratio function. It is obsolete.


OpenCVE Recommended Actions

  • Upgrade PostgreSQL Anonymizer to version 3.0.1 or later.
  • Drop the anon.get_tablesample_ratio function, which is obsolete.
  • Revoke CREATE on the public schema from PUBLIC (the PostgreSQL 15 default) and audit CREATE grants on other schemas, so that unprivileged roles cannot create the objects the attack relies on.
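The three actions above as a single audit-and-remediate script, added here as an example (not OpenCVE's or DALIBO's own commands). It assumes the extension is installed under its usual name anon; whether anon.get_tablesample_ratio is registered as a member of the extension (which would block a plain DROP FUNCTION) and whether the packaged extension ships an update script for ALTER EXTENSION ... UPDATE are assumptions to verify on the target system.

```sql
-- Added example, not from the project. Run as superuser in each database where anon is installed.

-- 1. Which version is installed? Anything below 3.0.1 is in scope.
SELECT extname, extversion FROM pg_extension WHERE extname = 'anon';

-- 2. Is the obsolete function present, and does it run as definer without a pinned search_path?
--    proconfig is NULL when the function carries no SET search_path clause.
SELECT p.oid::regprocedure AS signature,
       p.prosecdef          AS security_definer,
       p.proconfig          AS pinned_settings
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname = 'anon' AND p.proname = 'get_tablesample_ratio';

-- 3. Vendor workaround: drop it. PostgreSQL refuses to drop an object that belongs to an
--    extension, so detach it first if it is a member (skip this line if ALTER EXTENSION reports
--    it is not). Omitting the argument list is valid when the name is not overloaded (PG 10+);
--    otherwise use the signature returned by step 2.
ALTER EXTENSION anon DROP FUNCTION anon.get_tablesample_ratio;
DROP FUNCTION IF EXISTS anon.get_tablesample_ratio;

-- 4. Restore the PostgreSQL 15 default on databases created under 14 or earlier:
--    only the schema owner and superusers may create objects in public.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 5. Confirm: which non-superuser roles can still create objects in public?
SELECT r.rolname
FROM pg_roles r
WHERE has_schema_privilege(r.rolname, 'public', 'CREATE') AND NOT r.rolsuper;

-- 6. Preferred fix: move to 3.0.1 or later. ALTER EXTENSION ... UPDATE only works when the
--    installed package provides an update script; otherwise follow the project's upgrade notes.
ALTER EXTENSION anon UPDATE;
```

Step 3 is a stop-gap: a later extension update may recreate the function, so re-run step 2 after upgrading and confirm the installed version from step 1 is 3.0.1 or later.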


Advisories

No advisories yet.

History

Wed, 11 Feb 2026 22:15:00 +0000

Type: First Time appeared
Values removed: none
Values added: Dalibo; Dalibo postgresql Anonymizer

Type: Vendors & Products
Values removed: none
Values added: Dalibo; Dalibo postgresql Anonymizer

Wed, 11 Feb 2026 19:15:00 +0000

Type: Metrics (ssvc)
Values removed: none
Values added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 11 Feb 2026 18:15:00 +0000

Type: Description
Values removed: none
Values added: PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privilege elevation can be exploited by users having the CREATE privilege in PostgreSQL 15 and later. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version because the creation permission on the public schema is granted by default. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions

Type: Title
Values removed: none
Values added: Improper search_path protection in PostgreSQL Anonymizer 2.5 allows any user with create privilege to gain superuser privileges

Type: Weaknesses
Values removed: none
Values added: CWE-427

Type: References
Values removed: none
Values added: none

Type: Metrics (cvssV3_1)
Values removed: none
Values added: {'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: PostgreSQL

Published:

Updated: 2026-02-11T18:24:03.242Z

Reserved: 2026-02-11T17:11:41.858Z

Link: CVE-2026-2361

Vulnrichment

Updated: 2026-02-11T18:23:50.433Z

NVD

Status: Deferred

Published: 2026-02-11T18:16:08.313

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-2361

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T12:45:45Z

Weaknesses