CVE-2026-2361
Published: 11 February 2026
Summary
CVE-2026-2361 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability ranks at the 18.2nd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Updating PostgreSQL Anonymizer to version 3.0.1 or later directly resolves the privilege escalation, which is triggered when anon.get_tablesample_ratio evaluates a temporary view built on a function containing malicious code.
Restricting users to least privilege by revoking CREATE privileges they do not need removes the precondition for exploitation, since an attacker must hold CREATE to set up the malicious temporary view.
Revoking the default CREATE privilege on the public schema from PUBLIC reduces the attack surface. This matters most for PostgreSQL 14 and for clusters upgraded from PostgreSQL 14 or earlier, which keep the old default grant; PostgreSQL 15 stopped granting CREATE on public to every user in newly created clusters.
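The three controls above translate into a handful of checks and statements a DBA can run with psql, as a superuser, in each database of the cluster. The following SQL is an added example, not the advisory's or the PostgreSQL Anonymizer project's own code; it assumes the extension is installed under its usual name anon, that its version string is purely numeric (x.y.z), and it uses app_owner as a placeholder for a role that legitimately needs CREATE.

```sql
-- Added example (not from the advisory or the project): audit and remediation
-- for CVE-2026-2361. Run per database, as a superuser.

-- 1. Is an affected PostgreSQL Anonymizer release installed?
--    The advisory fixes the issue in 3.0.1; compare the version element-wise
--    rather than as a string so that e.g. 2.14.0 < 3.0.1 compares correctly.
--    Assumes extversion is numeric dotted (x.y.z).
SELECT extname,
       extversion,
       string_to_array(extversion, '.')::int[] < ARRAY[3, 0, 1] AS affected
FROM pg_extension
WHERE extname = 'anon';

-- 2. Which schemas still grant CREATE to PUBLIC? aclexplode() returns one row
--    per (grantee, privilege); grantee OID 0 is the pseudo-role PUBLIC.
--    acldefault() fills in the implicit ACL when nspacl is NULL.
SELECT n.nspname, a.privilege_type
FROM pg_namespace n
CROSS JOIN LATERAL aclexplode(coalesce(n.nspacl, acldefault('n', n.nspowner))) a
WHERE a.grantee = 0
  AND a.privilege_type = 'CREATE';
-- On PostgreSQL 14, or on a cluster upgraded from <= 14, this lists "public".

-- 3. Remove the default grant (what a fresh PostgreSQL 15 cluster already does),
--    then hand CREATE back only to roles that really need it.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT  CREATE ON SCHEMA public TO app_owner;   -- app_owner: placeholder role

-- 4. Least-privilege review: every non-superuser login role that can still
--    CREATE in any user schema, including rights inherited via role membership.
SELECT r.rolname, n.nspname
FROM pg_roles r
CROSS JOIN pg_namespace n
WHERE r.rolcanlogin
  AND NOT r.rolsuper
  AND n.nspname NOT IN ('pg_catalog', 'pg_toast', 'information_schema')
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER BY r.rolname, n.nspname;

-- 5. Once the 3.0.1 extension files are installed on the server host,
--    move the database to the fixed release and re-run step 1.
ALTER EXTENSION anon UPDATE TO '3.0.1';
```

Steps 2 through 4 are per-database: schema ACLs are not cluster-wide, so an upgraded cluster can have the legacy grant in some databases and not others. Step 5 only succeeds after the packaged extension for 3.0.1 is present on the server; `ALTER EXTENSION ... UPDATE` does not download anything.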
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The extension permits direct privilege escalation to superuser through the execution of a malicious function or view inside PostgreSQL, which maps to T1068.
NVD Description
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges. This privilege elevation can be exploited by users having the CREATE privilege in PostgreSQL 15 and later. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version because the creation permission on the public schema is granted by default. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions.
Deeper analysis
CVE-2026-2361 is a privilege escalation vulnerability in PostgreSQL Anonymizer, an extension for PostgreSQL. It enables a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is subsequently called, the malicious code executes with superuser privileges. The vulnerability can be exploited in PostgreSQL 15 and later versions by users holding the CREATE privilege.
The attack requires high privileges (PR:H) and high attack complexity (AC:H), but is network-accessible (AV:N) with a scope change (S:C) and high impacts on confidentiality, integrity, and availability (CVSS:3.1 score of 8.0). Exploitation is feasible for users with CREATE privileges and yields full superuser escalation. Risk is elevated in PostgreSQL 14 and in instances upgraded from PostgreSQL 14 or earlier, where CREATE on the public schema is granted to all users by default. The weakness is classified as CWE-427 (Uncontrolled Search Path Element).
The vulnerability is resolved in PostgreSQL Anonymizer 3.0.1 and later versions. Advisories detail the fix in the project's NEWS.md at https://gitlab.com/dalibo/postgresql_anonymizer/-/blob/latest/NEWS.md and issue #617 at https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/617.
Details
- CWE(s)