PT-2026-7634 · Unknown+1 · Postgresql Anonymizer+1

Published 2026-02-11 · Updated 2026-02-12 · CVE-2026-2361

CVSS v3.1: 8.0 High

Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PostgreSQL Anonymizer versions prior to 3.0.1
PostgreSQL versions 14 and 15

Description

A flaw exists in PostgreSQL Anonymizer that could allow a user with CREATE privileges to gain superuser privileges. This occurs by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is called, the malicious code executes with elevated privileges. The risk is increased in PostgreSQL 14 or instances upgraded from PostgreSQL 14 or earlier due to default permissions on the public schema.

Recommendations

Upgrade to PostgreSQL Anonymizer version 3.0.1 or a later version. For PostgreSQL versions 14 and 15, restrict the CREATE privilege to authorized users only.
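The following audit queries are an added example, not part of the advisory or of the PostgreSQL Anonymizer project. They check a database against the two recommendations above: the installed extension version and who holds CREATE on schemas. Listing every non-system schema rather than only public goes beyond the advisory's text and is an assumption about what an administrator would want to review.

```sql
-- Added audit example. Run in each database of the cluster as a superuser.

-- 1. Installed extension version. The advisory lists versions prior to 3.0.1
--    as affected; any suffix such as "-dev" is stripped before comparing.
SELECT e.extname,
       e.extversion,
       string_to_array(regexp_replace(e.extversion, '[^0-9.].*$', ''), '.')::int[]
           < ARRAY[3, 0, 1] AS affected_per_advisory
FROM pg_extension AS e
WHERE e.extname = 'anon';

-- 2. Every explicit or default grant of CREATE on a non-system schema.
--    A grantee OID of 0 means PUBLIC, i.e. every role in the database.
SELECT n.nspname                     AS schema_name,
       COALESCE(r.rolname, 'PUBLIC') AS grantee,
       pg_get_userbyid(a.grantor)    AS grantor
FROM pg_namespace AS n
CROSS JOIN LATERAL
     aclexplode(COALESCE(n.nspacl, acldefault('n', n.nspowner))) AS a
LEFT JOIN pg_roles AS r ON r.oid = a.grantee
WHERE a.privilege_type = 'CREATE'
  AND n.nspname !~ '^pg_'
  AND n.nspname <> 'information_schema'
ORDER BY schema_name, grantee;

-- 3. Non-superuser login roles that can effectively create objects in the
--    public schema (direct grant, role membership, or PUBLIC).
--    Returns no rows if the public schema does not exist.
SELECT r.rolname
FROM pg_roles AS r
WHERE r.rolcanlogin
  AND NOT r.rolsuper
  AND has_schema_privilege(r.oid, to_regnamespace('public')::oid, 'CREATE')
ORDER BY r.rolname;

-- 4. Mitigation matching the recommendation: remove the blanket grant, then
--    grant CREATE back only to the roles that need it.
--    "app_owner" is a hypothetical role name used for illustration.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
-- GRANT CREATE ON SCHEMA public TO app_owner;
```

Schema privileges are per database, so the queries need to be repeated in every database where the extension is installed.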

Fix

LPE

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

CVE-2026-2361

Affected Products

Postgresql
Postgresql Anonymizer