2439066 – (CVE-2026-2361) CVE-2026-2361 PostgreSQL Anonymizer: Improper search_path protection in PostgreSQL Anonymizer 2.5 allows any user with create privilege to gain superuser privileges

Bug 2439066 (CVE-2026-2361) - CVE-2026-2361 PostgreSQL Anonymizer: Improper search_path protection in PostgreSQL Anonymizer 2.5 allows any user with create privilege to gain superuser privileges

Summary: CVE-2026-2361 PostgreSQL Anonymizer: Improper search_path protection in Postg...

Keywords:
Status:	NEW
Alias:	CVE-2026-2361
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2439079
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-11 19:01 UTC by OSIDB Bzimport
Modified:	2026-02-11 19:53 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-11 19:01:44 UTC

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privilege elevation can be exploited by users having the CREATE privilege in PostgreSQL 15 and later. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version because the creation permission on the public schema is granted by default. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions

Note You need to log in before you can comment on or make changes to this bug.