โ† ุงู„ุนูˆุฏุฉ ู„ู„ุฌุฏูˆู„
CVE-2026-44477
CVE-2026-44477 - CloudNativePG: Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE
📅 2026-05-28 20:16:30
🔴 Critical 🔥 No MITRE CVE High ICS/OT OT/ICS

📋 Full description

CVE ID: CVE-2026-44477 Published: May 28, 2026, 5:16 p.m. | 1 hour, 8 minutes ago Description: CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROL

💻 Affected systems

Kubernetes 1.30.x

โš ๏ธ ู†ูˆุน ุงู„ุชู‡ุฏูŠุฏ

ICS/OT

🔗 CVE ID

CVE-2026-44477

📡 Source

MITRE CVE High

✅ Solutions and mitigation

Refer to CVE-2026-44477 NVD advisory
