Skip to main content

Percona PMM EUVDEUVD-2026-18364

| CVE-2026-25212 CRITICAL
Execution with Unnecessary Privileges (CWE-250)
2026-04-02 mitre GHSA-hm6f-x2ww-p497
9.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Updated
Apr 21, 2026 - 00:44 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 21, 2026 - 00:37 vuln.today
cvss_changed
EUVD ID Assigned
Apr 02, 2026 - 16:30 euvd
EUVD-2026-18364
Analysis Generated
Apr 02, 2026 - 16:30 vuln.today
CVE Published
Apr 02, 2026 - 00:00 nvd
CRITICAL 9.9

DescriptionCVE.org

An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system.

AnalysisAI

Percona PMM (Percona Monitoring and Management) versions prior to 3.7 allow authenticated users with pmm-admin privileges to execute arbitrary operating system commands by exploiting excessive database superuser privileges through the 'Add data source' feature. This privilege escalation vulnerability enables container/system breakout from database context to shell access. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Obtain pmm-admin credentials
Delivery
Authenticate to PMM interface
Exploit
Access 'Add data source' feature
Install
Inject OS commands via data source parameters
C2
Trigger privileged database execution
Execute
Break database context
Impact
Execute shell commands as PMM service account

Vulnerability AssessmentAI

Exploitation Attacker must possess valid pmm-admin role credentials-a privileged administrative account within Percona PMM with rights to manage data sources and monitoring configurations. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 9.9 (Critical) reflects the severe technical impact: network-accessible (AV:N), low complexity (AC:L), scope change (S:C) enabling container breakout, and complete CIA triad compromise. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with previously obtained pmm-admin credentials (through phishing, credential stuffing, or insider access) authenticates to the Percona PMM web interface. They navigate to the 'Add data source' feature and craft a malicious data source configuration containing shell metacharacters or command injection payloads. …
Remediation Upgrade to Percona PMM version 3.7.0 or later, as confirmed by the vendor release notes at https://docs.percona.com/percona-monitoring-and-management/3/release-notes/3.7.0.html. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all Percona PMM deployments and identify instances running versions prior to 3.7; verify current version via 'pmm-admin status' or web UI settings. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-18364 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy