Product
CVE-2026-44477 allows a low-privileged database user to escalate to PostgreSQL superuser and achieve OS command execution as the `postgres` user within the primary pod by exploiting the metrics exporter's superuser connection via custom metric queries or the default configuration.