Skip to main content

CockroachDB

2 CVEs database

Monthly

CVE-2026-8654 HIGH PATCH This Week

Command injection in Delphix Continuous Data database connectors allows authenticated attackers with low-privilege network access to execute arbitrary operating system commands on staging or target hosts. The vulnerability affects multiple database connector types (IBM DB2, MongoDB, PostgreSQL, MySQL, Oracle EBS, SAP HANA, CockroachDB, Couchbase, Cassandra, YugabyteDB) due to improper input validation (CWE-78). Network-based exploitation with low complexity (AV:N/AC:L) requires authentication (PR:L) but no user interaction, resulting in complete compromise of confidentiality, integrity, and availability on affected connector hosts. Vendor Perforce has published an advisory; no CISA KEV listing or public exploit identified at time of analysis.

Command Injection Ibm Db2 Connector Mangodb Connector Postgresql Connector Mysql Connector +9
NVD VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-9276 CRITICAL Act Now

Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Cockroach K8S Request Cert CockroachDB
NVD
CVSS 3.0
9.8
EPSS
0.6%
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Command injection in Delphix Continuous Data database connectors allows authenticated attackers with low-privilege network access to execute arbitrary operating system commands on staging or target hosts. The vulnerability affects multiple database connector types (IBM DB2, MongoDB, PostgreSQL, MySQL, Oracle EBS, SAP HANA, CockroachDB, Couchbase, Cassandra, YugabyteDB) due to improper input validation (CWE-78). Network-based exploitation with low complexity (AV:N/AC:L) requires authentication (PR:L) but no user interaction, resulting in complete compromise of confidentiality, integrity, and availability on affected connector hosts. Vendor Perforce has published an advisory; no CISA KEV listing or public exploit identified at time of analysis.

Command Injection Ibm Db2 Connector Mangodb Connector +11
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Cockroach Labs cockroach-k8s-request-cert Empty Root Password Authentication Bypass Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Kubernetes Cockroach K8S Request Cert +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy