CVE-2026-2360
📋 TL;DR
PostgreSQL Anonymizer extension contains a privilege escalation vulnerability where users can create malicious operators in schemas with CREATE permission, which execute with superuser privileges during extension creation. This affects PostgreSQL 14 and earlier by default, and PostgreSQL 15+ only if administrators explicitly grant CREATE privileges on schemas to untrusted users. The vulnerability allows attackers to gain full database control.
💻 Affected Systems
- PostgreSQL Anonymizer
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise with superuser access, allowing data theft, destruction, or persistence mechanisms.
Likely Case
Privileged database user gains superuser privileges to access sensitive data or modify database objects.
If Mitigated
Limited to users with CREATE privilege on schemas in their search_path, requiring specific misconfigurations.
🎯 Exploit Status
Exploitation requires database user access with CREATE privilege on a schema in their search_path. The vulnerability is well-documented in the references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.0.1 and later
Vendor Advisory: https://gitlab.com/dalibo/postgresql_anonymizer/-/blob/latest/NEWS.md
Restart Required: No
Instructions:
1. Install PostgreSQL Anonymizer 3.0.1 or later on the database server (the package ships the extension update scripts that the next step needs).
2. In each database that has the extension, run: ALTER EXTENSION anon UPDATE TO '3.0.1'; (the extension is installed under the name anon.)
3. Verify the update with: SELECT extversion FROM pg_extension WHERE extname = 'anon';
🔧 Temporary Workarounds
Revoke CREATE privilege on public schema
Remove CREATE permission from untrusted users on the public schema to prevent operator creation.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM [username];
Restrict schema search_path
Ensure untrusted users don't have schemas with CREATE privilege in their search_path.
ALTER ROLE [username] SET search_path = "$user", pg_catalog;
🧯 If You Can't Patch
- Implement strict access controls: grant CREATE privilege only to trusted users and avoid placing untrusted schemas in search_path.
- Monitor for suspicious operator creation and extension installation activities in database logs.
🔍 How to Verify
Check if Vulnerable:
Check the installed PostgreSQL Anonymizer version (the extension is registered as anon): SELECT extversion FROM pg_extension WHERE extname = 'anon'; If the version is lower than 3.0.1, the system is vulnerable.
Check Version:
SELECT extversion FROM pg_extension WHERE extname = 'anon';
Verify Fix Applied:
Confirm the version is 3.0.1 or higher: SELECT extversion FROM pg_extension WHERE extname = 'anon';
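The two checks above (version, and who holds CREATE on which schema, which the workarounds section asks you to revoke) can be run together from psql. The following is an added example, not part of this advisory or of the PostgreSQL Anonymizer project; it assumes the extension is installed under the name anon and that extversion is a dotted numeric string such as 3.0.1.

```sql
-- Added example, not from the advisory. Run as a superuser or a role that can read
-- pg_extension and pg_namespace (both are readable by any role by default).

-- (1) Extension version. Versions are compared as integer arrays, not as text, so that
--     a hypothetical '10.0.0' does not sort before '3.0.1'. Assumes 'anon' is the
--     extension name and extversion is dotted integers.
SELECT extname,
       extversion,
       string_to_array(extversion, '.')::int[] < ARRAY[3, 0, 1] AS vulnerable_version
FROM pg_extension
WHERE extname = 'anon';

-- (2) Non-superuser roles (or PUBLIC) that hold CREATE on a user schema.
--     A NULL nspacl means default privileges; acldefault() expands that to the
--     owner-only ACL so such schemas are still reported for their owner.
SELECT n.nspname AS schema_name,
       CASE WHEN a.grantee = 0 THEN 'PUBLIC'          -- grantee 0 is the PUBLIC pseudo-role
            ELSE pg_get_userbyid(a.grantee) END AS grantee,
       n.nspowner = a.grantee AS is_owner
FROM pg_namespace n
CROSS JOIN LATERAL aclexplode(COALESCE(n.nspacl, acldefault('n', n.nspowner))) AS a
LEFT JOIN pg_roles r ON r.oid = a.grantee
WHERE a.privilege_type = 'CREATE'
  AND n.nspname !~ '^pg_'                 -- skip pg_catalog, pg_toast, pg_temp_*
  AND n.nspname <> 'information_schema'
  AND COALESCE(r.rolsuper, false) = false -- superusers can create regardless
ORDER BY n.nspname, grantee;
```

On PostgreSQL 14 and earlier an unmodified cluster lists public with grantee PUBLIC, which is exactly the default configuration the summary calls affected; on 15+ that row appears only if someone granted it back. Every non-owner row whose role is untrusted is a candidate for the REVOKE CREATE ON SCHEMA statement from the workarounds section, and per-role search_path overrides can be read from pg_db_role_setting to confirm which of those schemas are actually resolvable by the role.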
📡 Detection & Monitoring
Log Indicators:
- CREATE OPERATOR statements from non-superusers
- Extension creation/update events for anonymizer
- Unexpected privilege escalation attempts
Network Indicators:
- Unusual database connection patterns preceding privilege changes
SIEM Query:
source="postgresql" AND (event="CREATE OPERATOR" OR event LIKE "%anonymizer%")
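The log indicators above can be screened directly in PostgreSQL once the server log has been loaded into a table (for example with COPY or file_fdw). The query below is an added example, not part of this advisory; it assumes log_statement is set to ddl or all and a log_line_prefix of '%m [%p] %u@%d ' so that each line carries the role and database name. The log lines in the VALUES list are constructed for illustration.

```sql
-- Added example, not from the advisory. Replace the raw_log CTE with the table that
-- holds your imported server log. Assumes log_line_prefix = '%m [%p] %u@%d ' and
-- log_statement = 'ddl' (or 'all'); the four lines below are constructed samples.
WITH raw_log(line) AS (
    VALUES
      ('2026-02-10 09:14:02.118 UTC [4121] alice@appdb LOG:  statement: CREATE OPERATOR === (LEFTARG = int, RIGHTARG = int, FUNCTION = int4eq)'),
      ('2026-02-10 09:14:05.402 UTC [4121] alice@appdb LOG:  statement: SELECT 1'),
      ('2026-02-10 09:15:11.037 UTC [4130] postgres@appdb LOG:  statement: CREATE EXTENSION anon CASCADE'),
      ('2026-02-10 09:16:44.910 UTC [4133] bob@appdb LOG:  statement: ALTER EXTENSION anon UPDATE TO ''3.0.1''')
),
parsed AS (
    -- pull role, database and the logged statement out of each line
    SELECT line,
           (regexp_match(line, '\[\d+\] ([^@ ]+)@([^ ]+) '))[1] AS role_name,
           (regexp_match(line, '\[\d+\] ([^@ ]+)@([^ ]+) '))[2] AS db_name,
           (regexp_match(line, 'statement: (.*)$'))[1]          AS statement
    FROM raw_log
),
flagged AS (
    -- classify the two indicator families from the Detection section
    SELECT *,
           CASE
             WHEN statement ~* '\mCREATE\s+OPERATOR\M'                    THEN 'create_operator'
             WHEN statement ~* '\m(CREATE|ALTER)\s+EXTENSION\s+anon\M'   THEN 'anon_extension_ddl'
           END AS indicator
    FROM parsed
)
SELECT f.role_name,
       f.db_name,
       COALESCE(r.rolsuper, false) AS is_superuser,   -- live catalog lookup; false if the role is unknown
       f.indicator,
       f.statement
FROM flagged f
LEFT JOIN pg_roles r ON r.rolname = f.role_name
WHERE f.indicator IS NOT NULL
ORDER BY is_superuser, f.role_name;
```

Rows with is_superuser = false and indicator = create_operator are the "CREATE OPERATOR statements from non-superusers" case; the CREATE OPERATOR pattern also matches CREATE OPERATOR CLASS and CREATE OPERATOR FAMILY, which is intended since those are equally unusual for an application role. The superuser flag comes from the current pg_roles, so run the query on the instance that produced the log, or replace the join with a list of known administrative roles when analysing logs offline.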