HIGH SeverityCVSS 4.08.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE-2026-8654

Last updated May 15, 2026 · Published May 15, 2026

Description

Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host.

Affected products

1 listed

Delphix Continuous data:Cassandra Connector; Delphix Continuous data:CockroachDB Connector; Delphix Continuous data:Couchbase Connector; Delphix Continuous data:IBM Db2 Connector; Delphix Continuous data:MSSQL on Linux Connector; Delphix Continuous data:MangoDB Connector; Delphix Continuous data:MySQL Connector; Delphix Continuous data:Oracle Backup Ingestion Connector; Delphix Continuous data:Oracle EBS Connector; Delphix Continuous data:PostgreSQL Connector; Delphix Continuous data:SAP HANA Connector; Delphix Continuous data:YugabyteDB Connector

Mappings

CWE

CWE-78

CAPEC

CAPEC-88

Research

Command injection: how it works and how to prevent itCommand injection happens when untrusted input reaches a shell or process spawn. Avoid the shell, pass…

Training

Injection TodaySQL, NoSQL, ORM, and LLM injection - what's changed and what hasn't.

CVE-2026-8654

Description

Affected products

Mappings

Related