Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Delphix Continuous data IBM Db2 Connector unaffected
Version Status Constraints
0 affected < 2025.2
Delphix Continuous data MangoDB Connector unaffected
Version Status Constraints
0 affected < 2025.2.1
Delphix Continuous data PostgreSQL Connector unaffected
Version Status Constraints
0 affected < 2025.1.0
Delphix Continuous data MySQL Connector unaffected
Version Status Constraints
0 affected < 2025.1.0
Delphix Continuous data Oracle EBS Connector unaffected
Version Status Constraints
0 affected < 2025.2.0
Delphix Continuous data SAP HANA Connector unaffected
Version Status Constraints
0 affected < 2026.2.0
Delphix Continuous data CockroachDB Connector unaffected
Version Status Constraints
0 affected < 2025.2.0
Delphix Continuous data Couchbase Connector unaffected
Version Status Constraints
0 affected < 1.3.2
Delphix Continuous data Cassandra Connector unaffected
Version Status Constraints
0 affected < 2025.1.0
Delphix Continuous data YugabyteDB Connector unaffected
Version Status Constraints
0 affected < 2025.1.1
Delphix Continuous data MSSQL on Linux Connector unaffected
Version Status Constraints
0 affected < 2025.1.0
Delphix Continuous data Oracle Backup Ingestion Connector unaffected
Version Status Constraints
0 affected < 4.2.1

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

No data.

Project Subscriptions

Vendors Products
Delphix Continuous Data Subscribe
Cassandra Connector Subscribe
Cockroachdb Connector Subscribe
Couchbase Connector Subscribe
Ibm Db2 Connector Subscribe
Mangodb Connector Subscribe
Mssql On Linux Connector Subscribe
Mysql Connector Subscribe
Oracle Backup Ingestion Connector Subscribe
Oracle Ebs Connector Subscribe
Postgresql Connector Subscribe
Sap Hana Connector Subscribe
Yugabytedb Connector Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://portal.perforce.com/s/cve/a91Qi000002z78HIAQ/authenticated-os-command-injection-in-delphix-continuous-data-connectors cve-icon cve-icon
History

Fri, 15 May 2026 08:45:00 +0000

Type Values Removed Values Added
Title Authenticated OS Command Injection in Delphix Continuous Data Connectors

Fri, 15 May 2026 07:00:00 +0000

Type Values Removed Values Added
Description Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host.
First Time appeared Delphix Continuous Data
Delphix Continuous Data cassandra Connector
Delphix Continuous Data cockroachdb Connector
Delphix Continuous Data couchbase Connector
Delphix Continuous Data ibm Db2 Connector
Delphix Continuous Data mangodb Connector
Delphix Continuous Data mssql On Linux Connector
Delphix Continuous Data mysql Connector
Delphix Continuous Data oracle Backup Ingestion Connector
Delphix Continuous Data oracle Ebs Connector
Delphix Continuous Data postgresql Connector
Delphix Continuous Data sap Hana Connector
Delphix Continuous Data yugabytedb Connector
Weaknesses CWE-78
CPEs cpe:2.3:a:delphix_continuous_data:cassandra_connector:*:*:*:*:*:*:*:*
cpe:2.3:a:delphix_continuous_data:cockroachdb_connector:*:*:*:*:*:*:*:*
cpe:2.3:a:delphix_continuous_data:couchbase_connector:*:*:*:*:*:*:*:*
cpe:2.3:a:delphix_continuous_data:ibm_db2_connector:*:*:*:*:*:*:*:*
cpe:2.3:a:delphix_continuous_data:mangodb_connector:*:*:*:*:*:*:*:*
cpe:2.3:a:delphix_continuous_data:mssql_on_linux_connector:*:*:*:*:*:*:*:*
cpe:2.3:a:delphix_continuous_data:mysql_connector:*:*:*:*:*:*:*:*
cpe:2.3:a:delphix_continuous_data:oracle_backup_ingestion_connector:*:*:*:*:*:*:*:*
cpe:2.3:a:delphix_continuous_data:oracle_ebs_connector:*:*:*:*:*:*:*:*
cpe:2.3:a:delphix_continuous_data:postgresql_connector:*:*:*:*:*:*:*:*
cpe:2.3:a:delphix_continuous_data:sap_hana_connector:*:*:*:*:*:*:*:*
cpe:2.3:a:delphix_continuous_data:yugabytedb_connector:*:*:*:*:*:*:*:*
Vendors & Products Delphix Continuous Data
Delphix Continuous Data cassandra Connector
Delphix Continuous Data cockroachdb Connector
Delphix Continuous Data couchbase Connector
Delphix Continuous Data ibm Db2 Connector
Delphix Continuous Data mangodb Connector
Delphix Continuous Data mssql On Linux Connector
Delphix Continuous Data mysql Connector
Delphix Continuous Data oracle Backup Ingestion Connector
Delphix Continuous Data oracle Ebs Connector
Delphix Continuous Data postgresql Connector
Delphix Continuous Data sap Hana Connector
Delphix Continuous Data yugabytedb Connector
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Perforce

Published:

Updated: 2026-05-15T06:14:00.862Z

Reserved: 2026-05-15T05:14:12.757Z

Link: CVE-2026-8654

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-15T07:16:20.397

Modified: 2026-05-15T07:16:20.397

Link: CVE-2026-8654

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T08:30:40Z

Weaknesses