What is CVE-2026-44477?

CVE-2026-44477 is a critical-severity vulnerability in Cloudnative-pg, classified under CWE-250. CVSS score: 9.9/10. Published 2026-05-28.

How severe is CVE-2026-44477?

Critical severity. CVSS v3 base score is 9.9 out of 10.

Vulnerability in Cloudnative-pg

CVE-2026-44477

CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local…

EPSS: 0.000 (14.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Cloudnative-pg — versions < 1.28.3, >= 1.29.0, < 1.29.1
Linuxfoundation Cloudnativepg

Weakness classification (CWE)

References

security-advisories@github.com (x_refsource_CONFIRM, Mitigation, Vendor Advisory)
security-advisories@github.com (Patch, x_refsource_MISC, Issue Tracking)

Frequently asked questions

What is CVE-2026-44477?: CVE-2026-44477 is a critical-severity vulnerability in Cloudnative-pg, classified under CWE-250. CVSS score: 9.9/10. Published 2026-05-28.
How severe is CVE-2026-44477?: Critical severity. CVSS v3 base score is 9.9 out of 10.