CVE-2026-13455
mediumCVSS v3 Base Score
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
Low
Integrity
None
Availability
None
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in PostgreSQL Anonymizer. Unprivileged masked users can repeatedly call the anon.hash() function to collect seed and hash output pairs. This allows an attacker to perform an offline brute-force attack to deduce the salt, potentially leading to information disclosure.