Vulnerability-Lookup

alsa-2026:20693

Vulnerability from osv_almalinux

Published

2026-05-26 00:00

Modified

2026-05-27 12:56

Summary

Moderate: mysql8.4 security update

Details

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

Security Fix(es):

mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-22004)
mysql: Information Schema unspecified vulnerability (CPU Apr 2026) (CVE-2026-22001)
mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026) (CVE-2026-34271)
mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22009)
mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-35237)
mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-21998)
mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22005)
mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-35238)
mysql: DML unspecified vulnerability (CPU Apr 2026) (CVE-2026-35239)
mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22002)
mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-35236)
mysql: JSON unspecified vulnerability (CPU Apr 2026) (CVE-2026-34308)
mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-34303)
mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-35240)
mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22017)
mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-34304)
mysql: Information Schema unspecified vulnerability (CPU Apr 2026) (CVE-2026-22015)
mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026) (CVE-2026-34276)
mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026) (CVE-2026-34270)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:20693	ADVISORY
	https://access.redhat.com/security/cve/CVE-2026-21998	REPORT
	https://access.redhat.com/security/cve/CVE-2026-22001	REPORT
	https://access.redhat.com/security/cve/CVE-2026-22002	REPORT
	https://access.redhat.com/security/cve/CVE-2026-22004	REPORT
	https://access.redhat.com/security/cve/CVE-2026-22005	REPORT
	https://access.redhat.com/security/cve/CVE-2026-22009	REPORT
	https://access.redhat.com/security/cve/CVE-2026-22015	REPORT
	https://access.redhat.com/security/cve/CVE-2026-22017	REPORT
	https://access.redhat.com/security/cve/CVE-2026-34270	REPORT
	https://access.redhat.com/security/cve/CVE-2026-34271	REPORT
	https://access.redhat.com/security/cve/CVE-2026-34276	REPORT
	https://access.redhat.com/security/cve/CVE-2026-34303	REPORT
	https://access.redhat.com/security/cve/CVE-2026-34304	REPORT
	https://access.redhat.com/security/cve/CVE-2026-34308	REPORT
	https://access.redhat.com/security/cve/CVE-2026-35236	REPORT
	https://access.redhat.com/security/cve/CVE-2026-35237	REPORT
	https://access.redhat.com/security/cve/CVE-2026-35238	REPORT
	https://access.redhat.com/security/cve/CVE-2026-35239	REPORT
	https://access.redhat.com/security/cve/CVE-2026-35240	REPORT
	https://bugzilla.redhat.com/2460274	REPORT
	https://bugzilla.redhat.com/2460275	REPORT
	https://bugzilla.redhat.com/2460276	REPORT
	https://bugzilla.redhat.com/2460279	REPORT
	https://bugzilla.redhat.com/2460295	REPORT
	https://bugzilla.redhat.com/2460312	REPORT
	https://bugzilla.redhat.com/2460315	REPORT
	https://bugzilla.redhat.com/2460316	REPORT
	https://bugzilla.redhat.com/2460323	REPORT
	https://bugzilla.redhat.com/2460324	REPORT
	https://bugzilla.redhat.com/2460325	REPORT
	https://bugzilla.redhat.com/2460326	REPORT
	https://bugzilla.redhat.com/2460329	REPORT
	https://bugzilla.redhat.com/2460335	REPORT
	https://bugzilla.redhat.com/2460342	REPORT
	https://bugzilla.redhat.com/2460344	REPORT
	https://bugzilla.redhat.com/2460348	REPORT
	https://bugzilla.redhat.com/2460356	REPORT
	https://bugzilla.redhat.com/2460358	REPORT
	https://errata.almalinux.org/10/ALSA-2026-20693.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "mysql8.4"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.4.9-1.el10_2.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "mysql8.4-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.4.9-1.el10_2.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "mysql8.4-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.4.9-1.el10_2.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "mysql8.4-errmsg"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.4.9-1.el10_2.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "mysql8.4-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.4.9-1.el10_2.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "mysql8.4-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.4.9-1.el10_2.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "mysql8.4-test"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.4.9-1.el10_2.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "mysql8.4-test-data"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.4.9-1.el10_2.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.  \n\nSecurity Fix(es):  \n\n  * mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-22004)\n  * mysql: Information Schema unspecified vulnerability (CPU Apr 2026) (CVE-2026-22001)\n  * mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026) (CVE-2026-34271)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22009)\n  * mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-35237)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-21998)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22005)\n  * mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-35238)\n  * mysql: DML unspecified vulnerability (CPU Apr 2026) (CVE-2026-35239)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22002)\n  * mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-35236)\n  * mysql: JSON unspecified vulnerability (CPU Apr 2026) (CVE-2026-34308)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-34303)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-35240)\n  * mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22017)\n  * mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-34304)\n  * mysql: Information Schema unspecified vulnerability (CPU Apr 2026) (CVE-2026-22015)\n  * mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026) (CVE-2026-34276)\n  * mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026) (CVE-2026-34270)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:20693",
  "modified": "2026-05-27T12:56:49Z",
  "published": "2026-05-26T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:20693"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-21998"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-22001"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-22002"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-22004"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-22005"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-22009"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-22015"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-22017"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-34270"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-34271"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-34276"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-34303"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-34304"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-34308"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-35236"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-35237"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-35238"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-35239"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-35240"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460274"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460275"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460276"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460279"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460295"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460312"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460315"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460316"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460323"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460324"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460325"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460326"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460329"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460335"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460342"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460344"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460348"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460356"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2460358"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/10/ALSA-2026-20693.html"
    }
  ],
  "related": [
    "CVE-2026-22004",
    "CVE-2026-22001",
    "CVE-2026-34271",
    "CVE-2026-22009",
    "CVE-2026-35237",
    "CVE-2026-21998",
    "CVE-2026-22005",
    "CVE-2026-35238",
    "CVE-2026-35239",
    "CVE-2026-22002",
    "CVE-2026-35236",
    "CVE-2026-34308",
    "CVE-2026-34303",
    "CVE-2026-35240",
    "CVE-2026-22017",
    "CVE-2026-34304",
    "CVE-2026-22015",
    "CVE-2026-34276",
    "CVE-2026-34270"
  ],
  "summary": "Moderate: mysql8.4 security update"
}

CVE-2026-21998 (GCVE-0-2026-21998)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:34 – Updated: 2026-04-22 14:03

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.45 (custom) Affected: 8.4.0 , ≤ 8.4.8 (custom) Affected: 9.0.0 , ≤ 9.6.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21998",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T14:03:29.125075Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T14:03:33.673Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.45",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.4.8",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.6.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.45",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.8",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.6.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:34:59.321Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-21998",
    "datePublished": "2026-04-21T20:34:59.321Z",
    "dateReserved": "2026-01-05T18:07:34.723Z",
    "dateUpdated": "2026-04-22T14:03:33.673Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22001 (GCVE-0-2026-22001)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:35 – Updated: 2026-04-22 14:07

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

Severity

2.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.45 (custom) Affected: 8.4.0 , ≤ 8.4.8 (custom) Affected: 9.0.0 , ≤ 9.6.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22001",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T14:07:31.146785Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T14:07:52.179Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.45",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.4.8",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.6.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.45",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.8",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.6.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of MySQL Server accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:00.375Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-22001",
    "datePublished": "2026-04-21T20:35:00.375Z",
    "dateReserved": "2026-01-05T18:07:34.724Z",
    "dateUpdated": "2026-04-22T14:07:52.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22002 (GCVE-0-2026-22002)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:35 – Updated: 2026-04-22 14:09

Summary

Severity

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.45 (custom) Affected: 8.4.0 , ≤ 8.4.8 (custom) Affected: 9.0.0 , ≤ 9.6.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22002",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T14:09:03.721912Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T14:09:22.952Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.45",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.4.8",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.6.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.45",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.8",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.6.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:00.843Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-22002",
    "datePublished": "2026-04-21T20:35:00.843Z",
    "dateReserved": "2026-01-05T18:07:34.725Z",
    "dateUpdated": "2026-04-22T14:09:22.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22004 (GCVE-0-2026-22004)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:35 – Updated: 2026-04-22 14:11

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.45 (custom) Affected: 8.4.0 , ≤ 8.4.8 (custom) Affected: 9.0.0 , ≤ 9.6.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22004",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T14:11:02.316322Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T14:11:22.026Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.45",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.4.8",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.6.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.45",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.8",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.6.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:03.312Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-22004",
    "datePublished": "2026-04-21T20:35:03.312Z",
    "dateReserved": "2026-01-05T18:07:34.725Z",
    "dateUpdated": "2026-04-22T14:11:22.026Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22005 (GCVE-0-2026-22005)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:35 – Updated: 2026-04-22 14:12

Summary

Severity

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.45 (custom) Affected: 8.4.0 , ≤ 8.4.8 (custom) Affected: 9.0.0 , ≤ 9.6.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22005",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T14:11:54.174108Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T14:12:16.029Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.45",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.4.8",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.6.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.45",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.8",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.6.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:03.736Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-22005",
    "datePublished": "2026-04-21T20:35:03.736Z",
    "dateReserved": "2026-01-05T18:07:34.726Z",
    "dateUpdated": "2026-04-22T14:12:16.029Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22009 (GCVE-0-2026-22009)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:35 – Updated: 2026-04-22 13:36

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.45 (custom) Affected: 8.4.0 , ≤ 8.4.8 (custom) Affected: 9.0.0 , ≤ 9.6.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22009",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T13:36:31.244961Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T13:36:48.167Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.45",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.4.8",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.6.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.45",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.8",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.6.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:06.824Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-22009",
    "datePublished": "2026-04-21T20:35:06.824Z",
    "dateReserved": "2026-01-05T18:07:34.726Z",
    "dateUpdated": "2026-04-22T13:36:48.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22015 (GCVE-0-2026-22015)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:35 – Updated: 2026-04-22 13:35

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.45 (custom) Affected: 8.4.0 , ≤ 8.4.8 (custom) Affected: 9.0.0 , ≤ 9.6.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22015",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T13:34:28.175080Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T13:35:16.426Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.45",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.4.8",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.6.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.45",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.8",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.6.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of MySQL Server accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:09.687Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-22015",
    "datePublished": "2026-04-21T20:35:09.687Z",
    "dateReserved": "2026-01-05T18:07:34.728Z",
    "dateUpdated": "2026-04-22T13:35:16.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22017 (GCVE-0-2026-22017)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:35 – Updated: 2026-04-22 14:12

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.45 (custom) Affected: 8.4.0 , ≤ 8.4.8 (custom) Affected: 9.0.0 , ≤ 9.6.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22017",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T14:12:24.111392Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T14:12:38.085Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.45",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.4.8",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.6.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.45",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.8",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.6.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:10.837Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-22017",
    "datePublished": "2026-04-21T20:35:10.837Z",
    "dateReserved": "2026-01-05T18:07:34.728Z",
    "dateUpdated": "2026-04-22T14:12:38.085Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34270 (GCVE-0-2026-34270)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:35 – Updated: 2026-04-22 13:54

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.45 (custom) Affected: 8.4.0 , ≤ 8.4.8 (custom) Affected: 9.0.0 , ≤ 9.6.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34270",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T13:54:25.810833Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T13:54:29.141Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.45",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.4.8",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.6.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.45",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.8",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.6.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:15.179Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-34270",
    "datePublished": "2026-04-21T20:35:15.179Z",
    "dateReserved": "2026-03-26T19:48:45.674Z",
    "dateUpdated": "2026-04-22T13:54:29.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34271 (GCVE-0-2026-34271)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:35 – Updated: 2026-04-22 13:53

Summary

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: 8.0.0 , ≤ 8.0.45 (custom) Affected: 8.4.0 , ≤ 8.4.8 (custom) Affected: 9.0.0 , ≤ 9.6.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34271",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T13:53:05.606869Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T13:53:09.216Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.45",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.4.8",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.6.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.45",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.8",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.6.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).  Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and  9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:15.651Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-34271",
    "datePublished": "2026-04-21T20:35:15.651Z",
    "dateReserved": "2026-03-26T19:48:45.674Z",
    "dateUpdated": "2026-04-22T13:53:09.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2026:20693

Vulnerability from osv_almalinux

CVE-2026-21998 (GCVE-0-2026-21998)

CVE-2026-22001 (GCVE-0-2026-22001)

CVE-2026-22002 (GCVE-0-2026-22002)

CVE-2026-22004 (GCVE-0-2026-22004)

CVE-2026-22005 (GCVE-0-2026-22005)

CVE-2026-22009 (GCVE-0-2026-22009)

CVE-2026-22015 (GCVE-0-2026-22015)

CVE-2026-22017 (GCVE-0-2026-22017)

CVE-2026-34270 (GCVE-0-2026-34270)

CVE-2026-34271 (GCVE-0-2026-34271)

Tags

Sightings

Nomenclature