Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system.
AnalysisAI
Percona PMM (Percona Monitoring and Management) versions prior to 3.7 allow authenticated users with pmm-admin privileges to execute arbitrary operating system commands by exploiting excessive database superuser privileges through the 'Add data source' feature. This privilege escalation vulnerability enables container/system breakout from database context to shell access. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must possess valid pmm-admin role credentials-a privileged administrative account within Percona PMM with rights to manage data sources and monitoring configurations. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 9.9 (Critical) reflects the severe technical impact: network-accessible (AV:N), low complexity (AC:L), scope change (S:C) enabling container breakout, and complete CIA triad compromise. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with previously obtained pmm-admin credentials (through phishing, credential stuffing, or insider access) authenticates to the Percona PMM web interface. They navigate to the 'Add data source' feature and craft a malicious data source configuration containing shell metacharacters or command injection payloads. … |
| Remediation | Upgrade to Percona PMM version 3.7.0 or later, as confirmed by the vendor release notes at https://docs.percona.com/percona-monitoring-and-management/3/release-notes/3.7.0.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: inventory all Percona PMM deployments and identify instances running versions prior to 3.7; verify current version via 'pmm-admin status' or web UI settings. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-250 – Execution with Unnecessary Privileges
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18364
GHSA-hm6f-x2ww-p497