PostgreSQL Anonymizer Vulnerability Leading to Superuser Privilege Escalation
CVE-2026-11945
6.4MEDIUM
What is CVE-2026-11945?
The PostgreSQL Anonymizer is affected by a vulnerability that enables unauthorized users to escalate their privileges to superuser level through crafted JSON documents. By inserting malicious code within specific key-value pairs, attackers can trigger the execution of harmful functions, namely import_database_rules() or import_roles_rules(). This exploit allows for significant data manipulation and access to sensitive information, posing serious security risks to affected systems. The vulnerability is addressed in version 3.1.1 and above, making it crucial for users to update their installations.
Affected Version(s)
PostgreSQL Anonymizer 1 < 3.1.1
References
CVSS V3.1
Score:
6.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
The PostgreSQL Anonymizer project thanks user Mehmet Ince for reporting this problem.
