CVE-2026-13455

medium Red Hat
CVSS v3 Base Score
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
Low
Integrity
None
Availability
None
Published: June 30, 2026 (9 days ago)
Last Modified: June 30, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in PostgreSQL Anonymizer. Unprivileged masked users can repeatedly call the anon.hash() function to collect seed and hash output pairs. This allows an attacker to perform an offline brute-force attack to deduce the salt, potentially leading to information disclosure.

CWE

CWE-916

References