Critical severity9.9NVD Advisory· Published Apr 2, 2026· Updated Apr 21, 2026
CVE-2026-25212
CVE-2026-25212
Description
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system.
Affected products
1- cpe:2.3:a:percona:monitoring_and_management:*:*:*:*:*:*:*:*Range: <3.7.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- docs.percona.com/percona-monitoring-and-management/3/release-notes/3.7.0.htmlnvdRelease NotesVendor Advisory
- percona.comnvdProduct
News mentions
0No linked articles in our index yet.