Critical severity9.9NVD Advisory· Published Apr 2, 2026· Updated Apr 21, 2026
CVE-2026-25212
CVE-2026-25212
Description
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:percona:monitoring_and_management:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:percona:monitoring_and_management:*:*:*:*:*:*:*:*range: <3.7.0
- (no CPE)range: <3.7
Patches
Vulnerability mechanics
References
2- docs.percona.com/percona-monitoring-and-management/3/release-notes/3.7.0.htmlnvdRelease NotesVendor Advisory
- percona.comnvdProduct
News mentions
0No linked articles in our index yet.