PatchSiren

DALIBO CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM DALIBO CVE published 2026-06-11

CVE-2026-11945

A vulnerability in PostgreSQL Anonymizer allows a user to gain superuser privileges. By creating a JSON document and placing malicious code inside a particular key-value pair, an attacker can exploit this issue. If a superuser calls the import_database_rules() or import_roles_rules() functions, the malicious code is executed with superuser privileges. This vulnerability has a CVSS score of 6.4 and is clas [truncated]

MEDIUM DALIBO CVE published 2026-05-27

CVE-2026-9617

A privilege escalation vulnerability in PostgreSQL Anonymizer allows authenticated database users to execute arbitrary code with superuser privileges when a superuser invokes the k-anonymity function on a maliciously crafted table. The attack vector involves embedding malicious code within column identifiers, which are then executed during function processing. The vulnerability is more readily exploitable [truncated]