CRITICAL · CVE-2026-44477 · CNA: GitHub_M

CVE-2026-44477: CloudNativePG: Metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE

CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE pg_monitor. SET ROLE changes only current_user; session_user remains postgres. Any SQL expression evaluated inside the scrape session can invoke RESET ROLE to recover real superuser privileges, then use COPY ... TO PROGRAM to spawn an OS-level subprocess as the postgres user inside the primary pod. The READ ONLY transaction flag does not block this; it gates writes to database state, not external processes. This vulnerability is fixed in 1.29.1 and 1.28.3.

HarborGuard Analysis

Synopsis

This is a privilege escalation and remote code execution vulnerability in CloudNativePG, the Kubernetes-native PostgreSQL operator. The metrics exporter connects to PostgreSQL as the postgres superuser and attempts to demote itself with SET ROLE, but session_user remains postgres throughout, so any SQL expression evaluated during a scrape can call RESET ROLE to reclaim full superuser rights and then use COPY ... TO PROGRAM to run arbitrary OS commands inside the primary pod. An authenticated attacker with low privileges and network access can escalate to PostgreSQL superuser and execute arbitrary processes as the postgres OS user. No fix versions have been published yet; HarborGuard tracks this advisory and will make a patched-image rebuild available the moment upstream ships a fix.
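The advisory text and synopsis above both hinge on one detail: SET ROLE changes current_user but not session_user, so the login identity is what decides whether RESET ROLE hands superuser back. The detector below is an added defender-side example (not part of the advisory, HarborGuard or CloudNativePG) that scans PostgreSQL statement logs for exactly that sequence in a superuser-login session, plus any COPY ... TO/FROM PROGRAM. It assumes log_statement = 'all' and log_line_prefix = '%m [%p] %u@%d ' (where %u is the session user), and the log lines, pids and role names are constructed.

```python
import re

# Assumed logging setup: log_statement = 'all', log_line_prefix = '%m [%p] %u@%d '.
# %u is the login (session) user, the identity SET ROLE leaves unchanged, so it
# tells us which sessions can reclaim superuser with RESET ROLE.
LINE_RE = re.compile(
    r"^\S+ \S+ \S+ \[(?P<pid>\d+)\] (?P<user>\w+)@(?P<db>\w+) LOG:\s+"
    r"statement: (?P<sql>.*)$"
)
SET_ROLE_RE = re.compile(r'^SET\s+(?:SESSION\s+|LOCAL\s+)?ROLE\s+"?(?P<role>\w+)"?')
COPY_PROGRAM_RE = re.compile(r"^COPY\b.*\b(?:TO|FROM)\s+PROGRAM\b")
SUPERUSERS = {"POSTGRES"}  # roles with rolsuper in this cluster (constructed)

# Constructed sample log: pid 4242 is a scrape session behaving as the advisory describes.
SAMPLE_LOG = """\
2026-05-02 10:00:01.001 UTC [4242] postgres@app LOG:  statement: SET ROLE pg_monitor
2026-05-02 10:00:01.002 UTC [4242] postgres@app LOG:  statement: SELECT count(*) FROM pg_stat_activity
2026-05-02 10:00:01.003 UTC [4242] postgres@app LOG:  statement: RESET ROLE
2026-05-02 10:00:01.004 UTC [4242] postgres@app LOG:  statement: COPY (SELECT 1) TO PROGRAM '<constructed-command>'
2026-05-02 10:00:02.000 UTC [5151] app_user@app LOG:  statement: SET ROLE reporting
2026-05-02 10:00:02.001 UTC [5151] app_user@app LOG:  statement: RESET ROLE
""".splitlines()


def normalize(sql):
    """Collapse whitespace, upper-case (case-folds role names; a heuristic), drop a trailing ';'."""
    return " ".join(sql.split()).upper().rstrip(" ;")


def scan(lines):
    """Return (pid, kind, statement) findings: 'superuser_reclaimed' when a superuser
    login undoes its own SET ROLE demotion, 'copy_program' on COPY ... TO/FROM PROGRAM."""
    demoted, findings = set(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, sql = m["pid"], normalize(m["sql"])
        role = SET_ROLE_RE.match(sql)
        # RESET ROLE, SET ROLE NONE or SET ROLE <superuser> all restore session_user.
        if sql == "RESET ROLE" or (role and role["role"] in SUPERUSERS | {"NONE"}):
            if pid in demoted and m["user"].upper() in SUPERUSERS:
                findings.append((pid, "superuser_reclaimed", sql))
            demoted.discard(pid)
        elif role:
            demoted.add(pid)  # session demoted to a non-superuser role
        if COPY_PROGRAM_RE.match(sql):
            findings.append((pid, "copy_program", sql))
    return findings
```

Pid 5151 shows the intended negative case: a non-superuser login that runs SET ROLE and RESET ROLE gains nothing, so it produces no finding.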

HarborGuard Coverage

Detection: Available

Detection for CVE-2026-44477 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that bundle the CloudNativePG operator or its metrics exporter component.

Triage: Available

HarborGuard surfaces this CVE with its CVSS v4.0 score of 9.4 (Critical), weighted further against each environment's compliance policy to determine blast-radius severity and route findings to the appropriate team inbox within the customer org.

Patch: Pending upstream

Because no fix version has been published upstream, HarborGuard re-evaluates this advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment CloudNativePG ships a corrected release. For customers who opt into auto-remediation, the rebuild, regression-test run, and PR against affected workloads will be triggered without manual intervention.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the metrics exporter endpoint over the network; the CVSS vector specifies AV:N, meaning no local or physical access is required.

  • Authentication: Required

    PR:L indicates that any low-privilege account is sufficient; the attacker does not need admin credentials, but some level of authenticated access to the scrape or SQL evaluation surface is needed.

  • Victim interaction: Not required

    UI:N confirms no user action or social engineering is needed; the attacker exploits the vulnerability entirely without involving another person.

  • Attack complexity: Low

    AC:L means the exploit is reliable and condition-free; no race conditions, specific memory layout, or environmental pre-conditions need to be satisfied.

Blast Radius

  • The attacker reclaims PostgreSQL superuser privileges within the scrape session, gaining unrestricted read and write access to all databases on the primary pod.
  • Using COPY ... TO PROGRAM, the attacker spawns arbitrary OS-level subprocesses as the postgres user inside the primary Kubernetes pod.
  • With OS-level execution, the attacker reads or exfiltrates stored database contents, secrets mounted into the pod, and service account tokens accessible on the filesystem.
  • The attacker modifies or destroys database state and can disrupt PostgreSQL availability, affecting all workloads dependent on the primary instance.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix has been published for CVE-2026-44477, HarborGuard continuously re-checks the CloudNativePG advisory on every ingest cycle and will trigger a patched-image rebuild automatically the moment versions 1.28.3 or 1.29.1 (or any subsequent fix) are released. For customers who opt into auto-remediation, the rebuild, regression-test run, and PR against affected workloads will fire without requiring manual action. While waiting for an upstream fix, compensating controls available to HarborGuard-managed environments include network-policy isolation to restrict which pods and service accounts can reach the metrics exporter endpoint, egress filtering on the primary pod to block unexpected outbound connections initiated by COPY ... TO PROGRAM subprocesses, and review of any custom SQL expressions or Prometheus scrape configurations that may be evaluated inside the exporter session. Findings for this CVE are routed with Critical priority and weighted against each environment's compliance policy to ensure the right team receives the alert without delay.


Metrics

CVSS v4.0: 9.4
Severity: CRITICAL
Fixed in: not listed
Affected products: 1
Affected packages:
  • cloudnative-pg / cloudnative-pg: < 1.28.3 · >= 1.29.0, < 1.29.1
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H