{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T01:30:09.066","vulnerabilities":[{"cve":{"id":"CVE-2026-2361","sourceIdentifier":"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007","published":"2026-02-11T18:16:08.313","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privilege elevation can be exploited by users having the CREATE privilege in PostgreSQL 15 and later. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version because the creation permission on the public schema is granted by default. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions"},{"lang":"es","value":"PostgreSQL Anonymizer contiene una vulnerabilidad que permite a un usuario obtener privilegios de superusuario creando una vista temporal basada en una función que contiene código malicioso. Cuando la función anon.get_tablesample_ratio es luego llamada, el código malicioso es ejecutado con privilegios de superusuario. Esta elevación de privilegios puede ser explotada por usuarios que tienen el privilegio CREATE en PostgreSQL 15 y posteriores. El riesgo es mayor con PostgreSQL 14 o con instancias actualizadas desde PostgreSQL 14 o una versión anterior porque el permiso de creación en el esquema público se concede por defecto. El problema está resuelto en PostgreSQL Anonymizer 3.0.1 y versiones posteriores."}],"metrics":{"cvssMetricV31":[{"source":"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":6.0}]},"weaknesses":[{"source":"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]}],"references":[{"url":"https://gitlab.com/dalibo/postgresql_anonymizer/-/blob/latest/NEWS.md","source":"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007"},{"url":"https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/617","source":"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007"}]}}]}