CVE-2026-11945 | THREATINT – Canadian Cyber Watch

Description

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the import_database_rules() or import_roles_rules() functions, the malicious code is executed with superuser privileges. The problem is resolved in PostgreSQL Anonymizer 3.1.1 and further versions

PUBLISHED Reserved 2026-06-10 | Published 2026-06-11 | Updated 2026-06-11 | Assigner PostgreSQL

MEDIUM: 6.4CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Problem types

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)

Product status

Default status
unaffected

1 (semver) before 3.1.1
affected

Credits

The PostgreSQL Anonymizer project thanks user Mehmet Ince for reporting this problem.

References

gitlab.com/dalibo/postgresql_anonymizer/-/issues/643

cve.org (CVE-2026-11945)

nvd.nist.gov (CVE-2026-11945)

Download JSON

Source link

What's Hot

Critical Fortinet FortiSandbox flaws now exploited in attacks

iRhythm discloses data breach, says hackers stole patient info

SimpleHelp bug lets hackers create rogue remote support accounts

CISA Adds One Known Exploited Vulnerability to Catalog

FreePBX security advisory (AV26–596) – Canadian Centre for Cyber Security

SSA-879734 V1.0: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1

Catchy & Intriguing

IP Address Investigations and Local OSINT

Defending Canada’s Digital Frontier: Combating Phishing, Social Engineering, Ransomware, and Malware

Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

Most Popular