Endpoint Central is not vulnerable to CVE-2020-14350

Is Endpoint Central vulnerable to this CVE?

No. Endpoint Central is not vulnerable to CVE-2020-14350. Read the document fully for further details.

What was the issue?

CVE-2020-14350 is an uncontrolled search path element in CREATE EXTENSION in PostgreSQL. Some extension installation scripts did not use search_path safely, so when a superuser runs CREATE EXTENSION for such an extension, an attacker who can create objects in the new extension's schema, or in the schema of a prerequisite extension, can plant objects that the script resolves instead of the intended ones and thereby execute arbitrary SQL functions under the identity of that superuser. Not all extensions are affected. The issue was fixed in PostgreSQL 12.4, 11.9, 10.14, 9.6.19 and 9.5.23; earlier releases on those branches are affected.

Why is Endpoint Central not vulnerable to this CVE?

CVE-2020-14350 does not affect Endpoint Central. Only superusers can run CREATE EXTENSION, and the extensions Endpoint Central uses are created in the pg_catalog schema. To exploit this CVE, an attacker must hold the CREATE privilege on the extension's schema (or on the schema of a prerequisite extension) so that they can place an object there ahead of time. Non-superusers cannot create objects in pg_catalog, so there is no schema in which a low-privileged user could plant a function for CREATE EXTENSION to pick up.
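The two conditions above (extensions live in pg_catalog, and no non-superuser can create objects there) can be verified directly on the database. The queries below are an added example written for this page, not part of the original advisory or of Endpoint Central itself; they use only PostgreSQL system catalogs and assume they are run as a superuser against the Endpoint Central database.

```sql
-- Added verification queries (not from the original advisory). Run as a superuser.

-- 1. Which schema is each installed extension in? For Endpoint Central the
--    expected answer for every row is pg_catalog.
SELECT e.extname,
       n.nspname AS schema,
       e.extversion
FROM pg_extension e
JOIN pg_namespace n ON n.oid = e.extnamespace
ORDER BY e.extname;

-- 2. Which non-superuser roles can CREATE objects in any schema that holds an
--    extension? An empty result set means no low-privileged role can plant an
--    object for a CREATE EXTENSION script to resolve, which is the precondition
--    CVE-2020-14350 requires. Any row returned here is a finding to review.
SELECT r.rolname,
       n.nspname AS schema
FROM pg_roles r
CROSS JOIN pg_namespace n
WHERE NOT r.rolsuper
  AND n.oid IN (SELECT extnamespace FROM pg_extension)
  AND has_schema_privilege(r.rolname, n.nspname, 'CREATE')
ORDER BY r.rolname, n.nspname;

-- 3. Server release, to compare against the fixed versions
--    (12.4, 11.9, 10.14, 9.6.19, 9.5.23).
SELECT version();
```

Query 2 is the one that matters: the CVE needs CREATE on the extension's schema (or a prerequisite's schema), so an empty result confirms the mitigation regardless of which extensions are installed. Query 1 also lets you spot any extension that was installed outside pg_catalog, for example into public, where non-superusers hold CREATE by default on the PostgreSQL releases this advisory covers.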

Future plan for Upgrade

Although Endpoint Central is not vulnerable to this CVE, we will upgrade to the latest PostgreSQL version during our regular third-party component upgrade cycle.