CVE-2026-13455
MEDIUM
NVD
CVSS Score
4.3
Severity
MEDIUM
Published
Jun 30, 2026
Vendor
unknown
Description
PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash() function and collects (seed, hash_output) pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later versions