Cyber Resilience

CVE-2026-2361

Severity: High
Published: 11 February 2026
Modified: 15 April 2026
KEV Added: not listed
Patch: available
CVSS Score v3.1: 8.0 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0006 (18.6th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-2361 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability. Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique T1068 (Exploitation for Privilege Escalation). EPSS ranks it at the 18.6th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-2361 is a privilege escalation vulnerability in PostgreSQL Anonymizer, an extension for PostgreSQL. It enables a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is subsequently called, the malicious code executes with superuser privileges. The vulnerability can be exploited in PostgreSQL 15 and later versions by users holding the CREATE privilege.

The attack requires high privileges (PR:H) and high attack complexity (AC:H), but it is network-accessible (AV:N) with a scope change (S:C), resulting in high impacts on confidentiality, integrity, and availability (CVSS:3.1 score of 8.0). Exploitation is feasible for users with CREATE privileges and achieves full superuser escalation. Risk is elevated on PostgreSQL 14 and on instances upgraded from PostgreSQL 14 or earlier, where CREATE permission on the public schema is granted to all users by default. The weakness is classified as CWE-427 (Uncontrolled Search Path Element).

The vulnerability is resolved in PostgreSQL Anonymizer 3.0.1 and later versions. Advisories detail the fix in the project's NEWS.md at https://gitlab.com/dalibo/postgresql_anonymizer/-/blob/latest/NEWS.md and issue #617 at https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/617.

Vulnerability details

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.get_tablesample_ratio function is then called, the malicious code is executed with superuser privileges.

This privilege elevation can be exploited by users having the CREATE privilege in PostgreSQL 15 and later. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version, because the creation permission on the public schema is granted by default. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and later versions.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct privilege escalation to superuser via malicious function/view execution in PostgreSQL extension.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2026-23741 (shared CWE-427)
- CVE-2026-42171 (shared CWE-427)
- CVE-2026-4134 (shared CWE-427)
- CVE-2026-2360 (shared CWE-427)
- CVE-2026-23740 (shared CWE-427)
- CVE-2024-9495 (shared CWE-427)
- CVE-2026-24502 (shared CWE-427)
- CVE-2025-48503 (shared CWE-427)
- CVE-2026-34054 (shared CWE-427)
- CVE-2025-24998 (shared CWE-427)

Mitigating Controls (NIST 800-53 r5)

- Prevent: Updating PostgreSQL Anonymizer to version 3.0.1 or later directly resolves the privilege escalation, so that code reached through a user-created temporary view no longer runs with superuser privileges when anon.get_tablesample_ratio is called.

- Prevent: Restricting users to least privilege by revoking unnecessary CREATE privileges removes the ability to create the malicious temporary views the exploit depends on.

- Prevent: Hardening the PostgreSQL configuration by revoking the default CREATE privilege on the public schema reduces the attack surface, especially on PostgreSQL 14 and on instances upgraded from PostgreSQL 14 or earlier.
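A defender-side check for the three controls above, added here as an example and not taken from the advisory or the PostgreSQL Anonymizer project. It assumes the extension is registered under its usual name anon, that the session is a superuser in the affected database, and that some_role is a placeholder for a role found by the third query.

```sql
-- Added example (not from the advisory or the project). Assumes the
-- extension is registered as 'anon' and the session can read the catalogs.

-- 1. Flaw remediation: confirm the installed extension is 3.0.1 or later.
SELECT extname, extversion
FROM pg_extension
WHERE extname = 'anon';

-- 2. Attack surface: schemas in which the PUBLIC pseudo-role may CREATE
--    objects. On PostgreSQL 14 and earlier, or on clusters upgraded from
--    them, this typically returns 'public'.
SELECT nspname
FROM pg_namespace
WHERE nspname NOT LIKE 'pg\_%'
  AND nspname <> 'information_schema'
  AND has_schema_privilege('public', nspname, 'CREATE');

-- 3. Least privilege: non-superuser login roles that can CREATE in any
--    user schema. has_schema_privilege() also counts grants inherited
--    through role membership, so indirect grants show up here too.
SELECT r.rolname, n.nspname
FROM pg_roles r
CROSS JOIN pg_namespace n
WHERE NOT r.rolsuper
  AND r.rolcanlogin
  AND n.nspname NOT LIKE 'pg\_%'
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege(r.rolname, n.nspname, 'CREATE')
ORDER BY r.rolname, n.nspname;

-- 4. Hardening: match the PostgreSQL 15 default on the public schema.
--    This only removes the PUBLIC grant; explicit per-role grants found in
--    step 3 must be revoked individually (some_role is a placeholder).
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
-- REVOKE CREATE ON SCHEMA public FROM some_role;
```

Re-run queries 2 and 3 after the revokes to confirm that only roles with a documented need retain CREATE.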
