RCE in Delphix Continuous Data Cassandra Connector

CVE-2026-8654

Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (16.7th percentile) — read the EPSS interpretation.

Affected products

Delphix Continuous Data Cassandra Connector — versions 0
Delphix Continuous Data Cockroachdb Connector — versions 0
Delphix Continuous Data Couchbase Connector — versions 0
Delphix Continuous Data Ibm Db2 Connector — versions 0
Delphix Continuous Data Mangodb Connector — versions 0
Delphix Continuous Data Mssql On Linux Connector — versions 0
Delphix Continuous Data Mysql Connector — versions 0
Delphix Continuous Data Oracle Backup Ingestion Connector — versions 0
Delphix Continuous Data Oracle Ebs Connector — versions 0
Delphix Continuous Data Postgresql Connector — versions 0

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

security@puppet.com (vendor-advisory)