CVE-2026-44477

Published: Mag 28, 2026 Last Modified: Mag 28, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,4

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE pg_monitor. SET ROLE changes only current_user; session_user remains postgres. Any SQL expression evaluated inside the scrape session can invoke RESET ROLE to recover real superuser privileges, then use COPY ... TO PROGRAM to spawn an OS-level subprocess as the postgres user inside the primary pod. The READ ONLY transaction flag does not block this; it gates writes to database state, not external processes. This vulnerability is fixed in 1.29.1 and 1.28.3.

250

Execution with Unnecessary Privileges

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability Access Control

Potential Impacts:

Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Read Application Data Dos: Crash, Exit, Or Restart

Applicable Platforms

Technologies: AI/ML, Mobile

Likelihood of Exploit: Medium

View CWE Details

271

Privilege Dropping / Lowering Errors

Incomplete

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Non-Repudiation

Potential Impacts:

Gain Privileges Or Assume Identity Hide Activities

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

426

Untrusted Search Path

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability Access Control

Potential Impacts:

Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Read Files Or Directories

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

https://github.com/cloudnative-pg/cloudnative-pg/pull/10576

https://github.com/cloudnative-pg/cloudnative-pg/security/a…

https://github.com/cloudnative-pg/cloudnative-pg/security/advisories/GHSA-423p-…

CVE-2026-44477

Description

Execution with Unnecessary Privileges

Common Consequences

Applicable Platforms

Privilege Dropping / Lowering Errors

Common Consequences

Applicable Platforms

Untrusted Search Path

Common Consequences

Applicable Platforms

Iscriviti alla newsletter