Description
An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system.
Published: 2026-04-02
Score: 9.9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Because an internal database user in Percona PMM retains superuser privileges, an attacker with pmm-admin rights can use the 'Add data source' function to escape the database context and launch arbitrary shell commands on the host operating system. This flaw permits complete compromise of the underlying system, allowing an attacker to read, modify or delete any data, exfiltrate sensitive information, or pivot to other systems. The weakness is a privilege escalation vulnerability, classified as CWE-250.

Affected Systems

Percona Monitoring and Management versions earlier than 3.7 are affected. The vulnerability is present in any deployment where an attacker can obtain pmm-admin privileges or equivalent and use the Add data source feature. All supported operating systems running these versions are potentially impacted.

Risk and Exploitability

The CVSS score of 9.9 indicates a critical severity, and the lack of EPSS data suggests the exploit could be readily available to those with the necessary administrative access. Since this flaw allows execution of arbitrary shell commands, the impact is system-wide and the exploitability is high for users with pmm-admin rights. This vulnerability is not listed in the CISA KEV catalog, but the critical score warrants urgent attention.

Generated by OpenCVE AI on April 2, 2026 at 21:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Percona PMM to version 3.7.0 or later, as the release notes indicate the issue is fixed in 3.7

Tracking

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

Type                  Values Removed    Values Added
Title                                   Internal superuser privileges enable remote code execution in Percona PMM 3.6.x
First Time appeared                     Percona; Percona pmm
Vendors & Products                      Percona; Percona pmm

Thu, 02 Apr 2026 20:30:00 +0000

Type           Values Removed    Values Added
Description                      An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system.
Weaknesses                       CWE-250
References
Metrics                          cvssV3_1: {'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}
                                 ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-02T17:39:21.169Z

Reserved: 2026-01-30T00:00:00.000Z

Link: CVE-2026-25212

Vulnrichment

Updated: 2026-04-02T17:37:50.318Z

NVD

Status: Awaiting Analysis

Published: 2026-04-02T17:16:21.687

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-25212

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-03T09:19:03Z

Weaknesses