CVE-2026-11945

CVE-2026-11945 affects PostgreSQL Anonymizer. A local user who can create JSON documents can embed malicious code in a specific key–value pair, which is executed with superuser privileges if a superuser invokes import_database_rules() or import_roles_rules(). This leads to privilege escalation/po...

CVE-2026-11945 PostgreSQL Anonymizer: SQL injection in the rules import functions

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a JSON document and placing malicious code inside a particular key-value pair. If a superuser calls the importdatabaserules or importrolesrules functions, the malicious code is executed with...

EUVD-2026-32930

CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE...

EUVD-2026-32504

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-anonymity function, the malicious code is executed with superuser privileges. The risk is higher wit...

CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE

Impact The CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE pgmonitor. SET ROLE changes only currentuser; sessionuser remains postgres. That residual superuser identity is the foothold fo...

CVE-2026-2360

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a custom operator in the public schema and place malicious code in that operator. This operator will later be executed with superuser privileges when the extension is created. The risk is...

UBUNTU-CVE-2026-2361

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.gettablesampleratio function is then called, the malicious code is executed with superuser privileges. This...

CVE-2026-2361

CVE-2026-2361 affects PostgreSQL Anonymizer. A user can gain superuser privileges by creating a temporary view that includes a function with malicious code; when anon.get_tablesample_ratio runs, the code executes with superuser privileges. This requires CREATE privilege in PostgreSQL 15+ and is m...

CVE-2026-2361

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.gettablesampleratio function is then called, the malicious code is executed with superuser privileges. This...

CVE-2026-2361

PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a temporary view based on a function containing malicious code. When the anon.gettablesampleratio function is then called, the malicious code is executed with superuser privileges. This...

GHSA-5C4F-PXMX-XCM4 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

Privilege Defined With Unsafe Actions

Overview org.apache.cassandra:cassandra-all is a maven plugin for the Apache Cassandra Project. Which, develops a highly scalable second-generation distributed database, bringing together Dynamo's fully distributed design and Bigtable's ColumnFamily-based data model. Affected versions of this...

Avoid Using the root User to Access the System Locally

Users with the root permission can access all Linux resources. If the root user is used to log in to the Linux OS to perform operations, there are many potential security risks. To avoid the risks, do not use the root user to log in to the Linux OS. If necessary, indirectly use the root user...

GHSA-WMCC-9VCH-JMX4 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

The vulnerability of the “restrict_to_trusted_schemas” option in PostgreSQL’s data anonymization functions in the PostgreSQL Anonymizer database allows a malicious user to elevate their privileges to superuser status.

The vulnerability of the restricttotrustedschemas option in PostgreSQL’s data anonymization feature exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to elevate their privileges to superuser status...

CVE-2024-2338

Summary for CVE-2024-2338 (PostgreSQL Anonymizer) : PostgreSQL Anonymizer v1.2 contains a SQL injection flaw that can let a user who owns a table escalate to superuser when dynamic masking is enabled. The vulnerability stems from allowing complex expressions as a value for security labels used to...

CVE-2023-41119

An issue was discovered in EnterpriseDB Postgres Advanced Server EPAS before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function dbmsaqmovetoexceptionqueue that may be used to elevate a user's privileges to superuser. This...

Vulnerability in client (CVE-2016-5424)

Exceptional database and role names could enable escalation to superuser...