CVE-2026-25212

Critical CVSS: 9.9

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system.

Vendor

Product

CWE

CWE-250

Yayın Tarihi

2026-04-02 17:16:21

Güncelleme

2026-04-03 16:10:23

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-250 CRITICAL 2026

Referanslar

https://docs.percona.com/percona-monitoring-and-management/3/release-notes/3.7.0.html#authenticated-remote-code-execution-via-internal-data-source-cve-2026-25212 https://percona.com