CVE-2026-2361
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2Tags
Description
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privilege elevation can be exploited by users having the CREATE privilege in PostgreSQL 15 and later. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version because the creation permission on the public schema is granted by default. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions
Analysis
Privilege escalation in PostgreSQL Anonymizer allows authenticated users with CREATE privileges to gain superuser access by exploiting unsafe function execution within temporary views. This vulnerability affects PostgreSQL 15 and later, with heightened risk on PostgreSQL 14 instances due to default public schema permissions, and impacts all users unable to upgrade to version 3.0.1 or later. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Audit PostgreSQL instances for Anonymizer extension deployment and restrict database access to trusted users only. Within 7 days: Implement network segmentation to limit PostgreSQL connectivity and disable the anon.get_tablesample_ratio function if not actively required. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today