Which versions of Delphix Continuous Data are affected by CVE-2026-8654?

Delphix Continuous Data's database connectors contain a command injection vulnerability (CVE-2026-8654, CVSS 8.7) that allows authenticated users with low-privilege network access to execute…. A patch is available.

Delphix Continuous Data CVE-2026-8654

Q: What is the CVSS score of CVE-2026-8654?

CVE-2026-8654 has a CVSS 4.0 base score of 8.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-30508 HIGH

OS Command Injection (CWE-78)

2026-05-15 Perforce

GHSA-x5cx-4h7g-fcf9

Command Injection

8.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Patch available

May 15, 2026 - 08:01 EUVD

Analysis Generated

May 15, 2026 - 07:30 vuln.today

CVSS changed

May 15, 2026 - 07:22 NVD

8.7 (HIGH)

CVE Published

May 15, 2026 - 05:59 nvd

HIGH 8.7

DescriptionNVD

Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host.

AnalysisAI

Command injection in Delphix Continuous Data database connectors allows authenticated attackers with low-privilege network access to execute arbitrary operating system commands on staging or target hosts. The vulnerability affects multiple database connector types (IBM DB2, MongoDB, PostgreSQL, MySQL, Oracle EBS, SAP HANA, CockroachDB, Couchbase, Cassandra, YugabyteDB) due to improper input validation (CWE-78). …

RemediationAI

Within 24 hours: (1) Identify all Delphix Continuous Data instances and their connected database systems; (2) Review and restrict network access to Delphix staging/target hosts to trusted administrative IP ranges only; (3) Disable or isolate database connectors for non-critical systems if possible. Within 7 days: (1) Implement enhanced authentication controls-enforce MFA or IP whitelisting for all Delphix low-privilege accounts; (2) Enable detailed command and network logging on all connected database hosts; (3) Contact Perforce for patch timeline and interim advisory details. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-8654 vulnerability details – vuln.today

Back

Delphix Continuous Data CVE-2026-8654

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Delphix Continuous Data CVE-2026-8654

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code