HIGHCVE-2026-8654Published Modified CNA Perforce
CVE-2026-8654: Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host
Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host.
Metrics
- CVSS v4.0
- 8.7
- Severity
- HIGH
- Fixed in
- 1.3.2
- Affected Products
- 12
Fix available
1.3.24.2.12025.1.02025.1.12025.22025.2.02025.2.12026.2.0
Affected packages
- Delphix Continuous data / IBM Db2 Connector< 2025.2 (from 0)
- Delphix Continuous data / MangoDB Connector< 2025.2.1 (from 0)
- Delphix Continuous data / PostgreSQL Connector< 2025.1.0 (from 0)
- Delphix Continuous data / MySQL Connector< 2025.1.0 (from 0)
- Delphix Continuous data / Oracle EBS Connector< 2025.2.0 (from 0)
- Delphix Continuous data / SAP HANA Connector< 2026.2.0 (from 0)
- Delphix Continuous data / CockroachDB Connector< 2025.2.0 (from 0)
- Delphix Continuous data / Couchbase Connector< 1.3.2 (from 0)
- Delphix Continuous data / Cassandra Connector< 2025.1.0 (from 0)
- Delphix Continuous data / YugabyteDB Connector< 2025.1.1 (from 0)
- Delphix Continuous data / MSSQL on Linux Connector< 2025.1.0 (from 0)
- Delphix Continuous data / Oracle Backup Ingestion Connector< 4.2.1 (from 0)
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NReferences