This page lists publicly disclosed CVE vulnerabilities affecting percona monitoring_and_management (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-25212 | An issue was discovered in Percona PMM before 3.7. Because an internal database user retains specific superuser privileges, an attacker with pmm-admin rights can abuse the "Add data source" feature to break out of the database context and execute shell commands on the underlying operating system. | [email protected] | 9.9 | 0.05% | 2026-04-02 | 2026-04-21 |
| CVE-2023-34409 | In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticated API routes, to access otherwise protected API routes leading to escalation of privileges and information disclosure. | [email protected] | 9.8 | 2.54% | 2023-06-06 | 2025-01-08 |
| CVE-2020-7920 | pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service. | [email protected] | 7.5 | 0.76% | 2020-02-06 | 2024-11-21 |