https://cybercrime.club/tags/cve-2026-44477/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usMon, 18 May 2026 11:09:21 -0400https://cybercrime.club/posts/cloudnativepg-cve-2026-44477-metrics-exporter-postgres-superuser-rce/Mon, 18 May 2026 11:09:21 -0400https://cybercrime.club/posts/cloudnativepg-cve-2026-44477-metrics-exporter-postgres-superuser-rce/A residual session_user=postgres in CloudNativePG's metrics exporter lets any low-privileged database user RESET ROLE back to superuser and reach OS-level command execution via COPY TO PROGRAM. CVSS 9.4. Patched in 1.28.3 and 1.29.1.vulnerability