PT-2026-29794 · Percona · Percona PMM

Published: 2026-04-02 · Updated: 2026-04-03 · CVE-2026-25212

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Percona PMM versions prior to 3.7

Description

A flaw exists in Percona PMM that allows an attacker with pmm-admin rights to execute shell commands on the underlying operating system. This is possible because an internal database user retains specific superuser privileges, which can be exploited through the 'Add data source' feature to break out of the database context.

Recommendations

Update Percona PMM to version 3.7 or later.

Related Identifiers

CVE-2026-25212

Affected Products

Percona PMM