Delphix Continuous Data Connectors Authenticated OS Command Injection Vulnerability
Vulnerability
A vulnerability that allows authenticated users to execute arbitrary operating system commands on the staging or target host has been identified in Delphix Continuous Data connectors. The issue arises from improper input validation and affects several connectors in versions prior to 2025.2, 2025.2.1, 2025.1.0, 2025.2.0, 2026.2.0, 1.3.2, and 4.2.1.
Impact
Exploitation of this vulnerability allows an authenticated attacker to inject and execute arbitrary commands on the host operating system.
Remediation
Users can upgrade to the following versions to address this vulnerability: IBM Db2 Connector 2025.2, MongoDB Connector 2025.2.1, PostgreSQL Connector 2025.1.0, MySQL Connector 2025.1.0, Oracle EBS Connector 2025.2.0, SAP HANA Connector 2026.2.0, CockroachDB Connector 2025.2.0, Couchbase Connector 1.3.2, Cassandra Connector 2025.1.0, YugabyteDB Connector 2025.1.1, MSSQL Server on Linux Connector 2025.1.0, and Oracle Backup Ingestion (OBI) Connector 4.2.1.
