CVE-2026-11945
MediumCVSS 6.4Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the import_database_rules() or import_roles_rules() functions, the malicious code is executed with superuser privileges.
Risk Assessment
This vulnerability poses a serious risk to system security, allowing unauthorized users to gain full access to the database. This could lead to unauthorized access to and modification of data.
Recommendation
It is recommended to update PostgreSQL Anonymizer to version 3.1.1 or later to mitigate this vulnerability. Additionally, conduct an audit of user permissions and monitor calls to import functions.
Original NVD description (English source)
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the import_database_rules() or import_roles_rules() functions, the malicious code is executed with superuser privileges. The problem is resolved in PostgreSQL Anonymizer 3.1.1 and further versions

