PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash() function and collects (seed, hash_output) pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later versions
References
| Link | Resource |
|---|---|
| https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/649 | Vendor Advisory |
Configurations
History
06 Jul 2026, 20:23
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://gitlab.com/dalibo/postgresql_anonymizer/-/issues/649 - Vendor Advisory | |
| CPE | cpe:2.3:a:dalibo:postgresql_anonymizer:*:*:*:*:*:postgresql:*:* | |
| First Time |
Dalibo
Dalibo postgresql Anonymizer |
30 Jun 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-30 16:16
Updated : 2026-07-06 20:23
NVD link : CVE-2026-13455
Mitre link : CVE-2026-13455
CVE.ORG link : CVE-2026-13455
JSON object : View
Products Affected
dalibo
- postgresql_anonymizer
CWE
CWE-328
Use of Weak Hash
