PT-2026-41270 · Delphix · Delphix Continuous Data Connectors

Published

2026-05-15

·

Updated

2026-05-15

·

CVE-2026-8654

CVSS v4.0

8.7

High

VectorAV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions Delphix Continuous Data connectors (affected versions not specified)
Description Improper input validation in Delphix Continuous Data connectors, including the IBM Db2, MongoDB, PostgreSQL, MySQL, and Oracle EBS connectors, allows an authenticated user to execute arbitrary operating system commands on the staging or target host.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-8654

Affected Products

Delphix Continuous Data Connectors