PostgreSQL Anonymizer Vulnerability Leading to Superuser Privilege Escalation
CVE-2026-11945

6.4MEDIUM

Key Information:

Vendor

Dalibo

Vendor
CVE Published:
11 June 2026

What is CVE-2026-11945?

The PostgreSQL Anonymizer is affected by a vulnerability that enables unauthorized users to escalate their privileges to superuser level through crafted JSON documents. By inserting malicious code within specific key-value pairs, attackers can trigger the execution of harmful functions, namely import_database_rules() or import_roles_rules(). This exploit allows for significant data manipulation and access to sensitive information, posing serious security risks to affected systems. The vulnerability is addressed in version 3.1.1 and above, making it crucial for users to update their installations.

Affected Version(s)

PostgreSQL Anonymizer 1 < 3.1.1

References

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

The PostgreSQL Anonymizer project thanks user Mehmet Ince for reporting this problem.
.