GO-2026-5106
CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE in github.com/cloudnative-pg/cloudnative-pg
Affected packages
Go / github.com/cloudnative-pg/cloudnative-pg
Introduced in: 0
Fixed in: 1.28.3
Fix:
go get github.com/cloudnative-pg/cloudnative-pg@v1.28.3
References
- https://github.com/cloudnative-pg/cloudnative-pg/security/advisories/GHSA-423p-g724-fr39 [ADVISORY]
- https://nvd.nist.gov/vuln/detail/CVE-2026-44477 [ADVISORY]
- https://github.com/cloudnative-pg/cloudnative-pg/pull/10576 [FIX]
- https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.28.3 [WEB]
- https://github.com/cloudnative-pg/cloudnative-pg/releases/tag/v1.29.1 [WEB]