CNNVD-202602-1894 Information
CNNVD ID
CNNVD-202602-1894
Related CVE
- CNNVD Published: 2026-02-11
Description (Chinese)
DALIBO PostgreSQL Anonymizer是法国(DALIBO)公司的一个用于屏蔽或替换 PostgreSQL 数据库中的个人身份信息 (PII) 或商业敏感数据的扩展软件。 PostgreSQL Anonymizer存在安全漏洞,该漏洞源于允许用户在公共模式中创建自定义运算符并放置恶意代码,可能导致在创建扩展时以超级用户权限执行恶意代码。
Description (English)
DALIBO PostgreSQL Anonymizer is an extension of personal identity information (PII) or commercially sensitive data used by the French company DALIBO to shield or replace the PostgreSQL database. PostgreSQL Anonymizer has a security loophole, which stems from allowing users to create custom operators in public mode and to place malicious codes, which may lead to the implementation of malicious codes with super-user privileges when creating extensions.
Vulnerability Type
其他
Affected Vendor
DALIBO
Published
2026-02-11
Last Modified
2026-02-24
References
https://gitlab.com/dalibo/postgresql_anonymizer/-/blob/latest/NEWS.md https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/616 https://www.postgresql.org/docs/current/ddl-schemas.html#DDL-SCHEMAS-PATH https://access.redhat.com/security/cve/cve-2026-2360
Patch
https://gitlab.com/dalibo/postgresql_anonymizer/-/releases
Share on: