CVE-2026-11945: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in DALIBO PostgreSQL Anonymizer
PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the import_database_rules() or import_roles_rules() functions, the malicious code is executed with superuser privileges. The problem is resolved in PostgreSQL Anonymizer 3.1.1 and later versions.
AI Analysis
Technical Summary
CVE-2026-11945 is an SQL injection vulnerability in DALIBO PostgreSQL Anonymizer. A user can embed malicious code within a JSON key-value pair that, if processed by a superuser invoking import_database_rules() or import_roles_rules(), leads to execution of that code with superuser privileges. This vulnerability enables privilege escalation via improper neutralization of special elements in SQL commands. The issue is fixed starting from version 3.1.1.
Potential Impact
Successful exploitation allows an attacker who can supply a crafted JSON rules document to obtain superuser privileges once a superuser imports it with import_database_rules() or import_roles_rules(), potentially leading to full system compromise. The vulnerability affects confidentiality, integrity, and availability, as indicated by the CVSS vector (C:H/I:H/A:H).
Mitigation Recommendations
Upgrade to PostgreSQL Anonymizer version 3.1.1 or later, where this vulnerability is resolved. No other mitigation or temporary workaround is specified.
CVSS v3.1 score: 6.4 (Medium)
Affected software
pkg:github/dalibo/postgresql_anonymizer
Technical Details
- Data Version: 5.2
- Assigner Short Name: PostgreSQL
- Date Reserved: 2026-06-10T21:28:53.029Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a2ae619815e7002b80ac451
Added to database: 6/11/2026, 4:45:13 PM
Last enriched: 6/11/2026, 5:00:13 PM
Last updated: 6/11/2026, 7:29:15 PM