CVE-2026-11945

Published Jun 11, 2026

Last updated 3 days ago

CVSS medium 6.4

Overview

Description
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the import_database_rules() or import_roles_rules() functions, the malicious code is executed with superuser privileges. The problem is resolved in PostgreSQL Anonymizer 3.1.1 and further versions
Source
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.4
Impact score
5.9
Exploitability score
0.5
Vector string
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Severity
MEDIUM

Weaknesses

f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
CWE-89

Social media

Hype score
Not currently trending

References

Sources include official advisories and independent security research.