CVE-2026-8654

Summary

Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host.

Affected Software

VendorProductVersion RangeStatus
Delphix Continuous dataIBM Db2 Connector0 < 2025.2affected
Delphix Continuous dataMangoDB Connector0 < 2025.2.1affected
Delphix Continuous dataPostgreSQL Connector0 < 2025.1.0affected
Delphix Continuous dataMySQL Connector0 < 2025.1.0affected
Delphix Continuous dataOracle EBS Connector0 < 2025.2.0affected
Delphix Continuous dataSAP HANA Connector0 < 2026.2.0affected
Delphix Continuous dataCockroachDB Connector0 < 2025.2.0affected
Delphix Continuous dataCouchbase Connector0 < 1.3.2affected
Delphix Continuous dataCassandra Connector0 < 2025.1.0affected
Delphix Continuous dataYugabyteDB Connector0 < 2025.1.1affected
Delphix Continuous dataMSSQL on Linux Connector0 < 2025.1.0affected
Delphix Continuous dataOracle Backup Ingestion Connector0 < 4.2.1affected

Weaknesses

  • CWE-78: CWE-78 Improper neutralization of special elements used in an OS command ('OS command injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References