CVE-2026-11945
6.4 MEDIUMPostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing ma...
Published: 2026-06-11 · Last updated: 2026-06-11
Severity and scoring
- CVSS
- 6.4 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
- CWE
- CWE-89
Description
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the import_database_rules() or import_roles_rules() functions, the malicious code is executed with superuser privileges. The problem is resolved in PostgreSQL Anonymizer 3.1.1 and further versions
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-48613 — SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migratio... (5.9 MEDIUM)
- CVE-2026-45418 — ClipBucket v5 is an open source video sharing platform (8.8 HIGH)
- CVE-2026-45060 — ClipBucket v5 is an open source video sharing platform (9.8 CRITICAL)
- CVE-2026-42647 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL ... (9.3 CRITICAL)
- CVE-2026-39494 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW a... (9.3 CRITICAL)