Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-21950 (GCVE-0-2026-21950)
Vulnerability from cvelistv5 – Published: 2026-01-20 21:56 – Updated: 2026-01-21 15:17
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity ?
6.5 (Medium)
CWE
- Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
9.0.0 , ≤ 9.5.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T15:16:52.811173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T15:17:33.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"lessThanOrEqual": "9.5.0",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.5.0",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T21:56:29.652Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2026-21950",
"datePublished": "2026-01-20T21:56:29.652Z",
"dateReserved": "2026-01-05T18:07:34.712Z",
"dateUpdated": "2026-01-21T15:17:33.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-21950\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2026-01-20T22:15:57.993\",\"lastModified\":\"2026-01-29T15:28:59.573\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert_us@oracle.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndIncluding\":\"9.5.0\",\"matchCriteriaId\":\"80A941A0-B16F-477B-9062-EF768F4CAAD4\"}]}]}],\"references\":[{\"url\":\"https://www.oracle.com/security-alerts/cpujan2026.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-21950\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-21T15:16:52.811173Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-21T15:17:26.891Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Oracle Corporation\", \"product\": \"MySQL Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.5.0\"}]}], \"references\": [{\"url\": \"https://www.oracle.com/security-alerts/cpujan2026.html\", \"name\": \"Oracle Advisory\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"description\": \"Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"9.5.0\", \"versionStartIncluding\": \"9.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"shortName\": \"oracle\", \"dateUpdated\": \"2026-01-20T21:56:29.652Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-21950\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-21T15:17:33.458Z\", \"dateReserved\": \"2026-01-05T18:07:34.712Z\", \"assignerOrgId\": \"43595867-4340-4103-b7a2-9a5208d29a85\", \"datePublished\": \"2026-01-20T21:56:29.652Z\", \"assignerShortName\": \"oracle\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0070
Vulnerability from certfr_avis - Published: 2026-01-21 - Updated: 2026-01-21
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Server (Server: Parser) versions 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Server (Server: Packaging) versions 8.0.0 à 8.0.44, 8.4.0 à 8.4.7 et 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Connectors (Connector/ODBC) versions 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Server (Server: Docker Images) versions 8.4.0 à 8.4.7 | ||
| Oracle | MySQL | MySQL Server (Server: DDL) versions 8.0.0 à 8.0.44, 8.4.0 à 8.4.7 et 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Server (InnoDB) versions 8.0.0 à 8.0.44, 8.4.0 à 8.4.7 et 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Enterprise Backup versions 8.0.0 à 8.0.44, 8.4.0 à 8.4.7 et 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Cluster versions 7.6.0 à 7.6.36, 8.0.0 à 8.0.44, 8.4.0 à 8.4.7 et 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Connectors (Connector/C++) versions 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Server (Server: Thread Pooling) versions 8.0.0 à 8.0.44, 8.4.0 à 8.4.7 et 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.0 à 8.0.45 | ||
| Oracle | MySQL | MySQL Server (Server: Pluggable Auth) versions 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) versions 8.0.0 à 8.0.44, 8.4.0 à 8.4.7 et 9.0.0 à 9.5.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Server (Server: Parser) versions 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Packaging) versions 8.0.0 \u00e0 8.0.44, 8.4.0 \u00e0 8.4.7 et 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors (Connector/ODBC) versions 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Docker Images) versions 8.4.0 \u00e0 8.4.7",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DDL) versions 8.0.0 \u00e0 8.0.44, 8.4.0 \u00e0 8.4.7 et 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (InnoDB) versions 8.0.0 \u00e0 8.0.44, 8.4.0 \u00e0 8.4.7 et 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup versions 8.0.0 \u00e0 8.0.44, 8.4.0 \u00e0 8.4.7 et 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.6.0 \u00e0 7.6.36, 8.0.0 \u00e0 8.0.44, 8.4.0 \u00e0 8.4.7 et 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors (Connector/C++) versions 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Thread Pooling) versions 8.0.0 \u00e0 8.0.44, 8.4.0 \u00e0 8.4.7 et 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.0 \u00e0 8.0.45",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Pluggable Auth) versions 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) versions 8.0.0 \u00e0 8.0.44, 8.4.0 \u00e0 8.4.7 et 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2026-21936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21936"
},
{
"name": "CVE-2026-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21937"
},
{
"name": "CVE-2026-21949",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21949"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2026-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21948"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2026-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21964"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2026-21950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21950"
},
{
"name": "CVE-2026-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21968"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2026-21929",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21929"
},
{
"name": "CVE-2026-21952",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21952"
},
{
"name": "CVE-2026-21965",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21965"
},
{
"name": "CVE-2026-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21941"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
}
],
"initial_release_date": "2026-01-21T00:00:00",
"last_revision_date": "2026-01-21T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0070",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle MySQL cpujan2026",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
]
}
CERTFR-2026-AVI-0070
Vulnerability from certfr_avis - Published: 2026-01-21 - Updated: 2026-01-21
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Server (Server: Parser) versions 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Server (Server: Packaging) versions 8.0.0 à 8.0.44, 8.4.0 à 8.4.7 et 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Connectors (Connector/ODBC) versions 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Server (Server: Docker Images) versions 8.4.0 à 8.4.7 | ||
| Oracle | MySQL | MySQL Server (Server: DDL) versions 8.0.0 à 8.0.44, 8.4.0 à 8.4.7 et 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Server (InnoDB) versions 8.0.0 à 8.0.44, 8.4.0 à 8.4.7 et 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Enterprise Backup versions 8.0.0 à 8.0.44, 8.4.0 à 8.4.7 et 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Cluster versions 7.6.0 à 7.6.36, 8.0.0 à 8.0.44, 8.4.0 à 8.4.7 et 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Connectors (Connector/C++) versions 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Server (Server: Thread Pooling) versions 8.0.0 à 8.0.44, 8.4.0 à 8.4.7 et 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.0 à 8.0.45 | ||
| Oracle | MySQL | MySQL Server (Server: Pluggable Auth) versions 9.0.0 à 9.5.0 | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) versions 8.0.0 à 8.0.44, 8.4.0 à 8.4.7 et 9.0.0 à 9.5.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Server (Server: Parser) versions 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Packaging) versions 8.0.0 \u00e0 8.0.44, 8.4.0 \u00e0 8.4.7 et 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors (Connector/ODBC) versions 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Docker Images) versions 8.4.0 \u00e0 8.4.7",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DDL) versions 8.0.0 \u00e0 8.0.44, 8.4.0 \u00e0 8.4.7 et 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (InnoDB) versions 8.0.0 \u00e0 8.0.44, 8.4.0 \u00e0 8.4.7 et 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup versions 8.0.0 \u00e0 8.0.44, 8.4.0 \u00e0 8.4.7 et 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.6.0 \u00e0 7.6.36, 8.0.0 \u00e0 8.0.44, 8.4.0 \u00e0 8.4.7 et 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors (Connector/C++) versions 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Thread Pooling) versions 8.0.0 \u00e0 8.0.44, 8.4.0 \u00e0 8.4.7 et 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.0 \u00e0 8.0.45",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Pluggable Auth) versions 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) versions 8.0.0 \u00e0 8.0.44, 8.4.0 \u00e0 8.4.7 et 9.0.0 \u00e0 9.5.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-10148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
},
{
"name": "CVE-2026-21936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21936"
},
{
"name": "CVE-2026-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21937"
},
{
"name": "CVE-2026-21949",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21949"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2026-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21948"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2026-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21964"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2026-21950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21950"
},
{
"name": "CVE-2026-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21968"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2026-21929",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21929"
},
{
"name": "CVE-2026-21952",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21952"
},
{
"name": "CVE-2026-21965",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21965"
},
{
"name": "CVE-2026-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21941"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
}
],
"initial_release_date": "2026-01-21T00:00:00",
"last_revision_date": "2026-01-21T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0070",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": "2026-01-20",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle MySQL cpujan2026",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
]
}
BDU:2026-00996
Vulnerability from fstec - Published: 20.01.2026
VLAI Severity ?
Title
Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании
Severity ?
Vendor
Oracle Corp.
Software Name
MySQL Server
Software Version
от 9.0.0 до 9.5.0 включительно (MySQL Server)
Possible Mitigations
Использование рекомендаций производителя:
https://www.oracle.com/security-alerts/cpujan2026.html
Reference
https://www.cybersecurity-help.cz/vdb/SB20260120188
https://www.oracle.com/security-alerts/cpujan2026.html
CWE
CWE-20, CWE-400
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": "AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO2502",
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO2502 \u041f\u0430\u043a\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f MySQL",
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Oracle Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 9.0.0 \u0434\u043e 9.5.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL Server)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\n\nhttps://www.oracle.com/security-alerts/cpujan2026.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2026",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.01.2026",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.01.2026",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2026-00996",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2026-21950",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "MySQL Server",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Server: Optimizer \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 Oracle MySQL Server, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0440\u0430\u0441\u0445\u043e\u0434 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (\u00ab\u0418\u0441\u0442\u043e\u0449\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u00bb) (CWE-400)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Server: Optimizer \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 Oracle MySQL Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cybersecurity-help.cz/vdb/SB20260120188\nhttps://www.oracle.com/security-alerts/cpujan2026.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0423\u0411\u0414",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-400",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)"
}
WID-SEC-W-2026-0168
Vulnerability from csaf_certbund - Published: 2026-01-20 23:00 - Updated: 2026-03-25 23:00Summary
Oracle MySQL: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: MySQL ist ein Open Source Datenbankserver von Oracle.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "MySQL ist ein Open Source Datenbankserver von Oracle.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0168 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0168.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0168 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0168"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - January 2026 - Appendix Oracle MySQL vom 2026-01-20",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7994-1 vom 2026-02-03",
"url": "https://ubuntu.com/security/notices/USN-7994-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8006-1 vom 2026-02-04",
"url": "https://ubuntu.com/security/notices/USN-8006-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4162 vom 2026-03-10",
"url": "https://access.redhat.com/errata/RHSA-2026:4162"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-4162 vom 2026-03-10",
"url": "https://linux.oracle.com/errata/ELSA-2026-4162.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:4828 vom 2026-03-18",
"url": "https://errata.build.resf.org/RLSA-2026:4828"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4828 vom 2026-03-18",
"url": "https://access.redhat.com/errata/RHSA-2026:4828"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-4828 vom 2026-03-18",
"url": "https://linux.oracle.com/errata/ELSA-2026-4828.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5580 vom 2026-03-24",
"url": "https://access.redhat.com/errata/RHSA-2026:5580"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:5580 vom 2026-03-24",
"url": "https://errata.build.resf.org/RLSA-2026:5580"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5640 vom 2026-03-24",
"url": "https://access.redhat.com/errata/RHSA-2026:5640"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:5640 vom 2026-03-24",
"url": "https://errata.build.resf.org/RLSA-2026:5640"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-5640 vom 2026-03-26",
"url": "http://linux.oracle.com/errata/ELSA-2026-5640.html"
}
],
"source_lang": "en-US",
"title": "Oracle MySQL: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-25T23:00:00.000+00:00",
"generator": {
"date": "2026-03-26T08:07:02.378+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0168",
"initial_release_date": "2026-01-20T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-20T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-01-21T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2026-3544"
},
{
"date": "2026-02-02T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-02-03T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-03-09T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-10T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-03-17T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2026-03-18T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-03-23T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-24T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat und Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-03-25T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=9.4.0",
"product": {
"name": "Oracle MySQL \u003c=9.4.0",
"product_id": "T047929"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.4.0",
"product": {
"name": "Oracle MySQL \u003c=9.4.0",
"product_id": "T047929-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.7",
"product": {
"name": "Oracle MySQL \u003c=8.4.7",
"product_id": "T050150"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.4.7",
"product": {
"name": "Oracle MySQL \u003c=8.4.7",
"product_id": "T050150-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.5.0",
"product": {
"name": "Oracle MySQL \u003c=9.5.0",
"product_id": "T050151"
}
},
{
"category": "product_version_range",
"name": "\u003c=9.5.0",
"product": {
"name": "Oracle MySQL \u003c=9.5.0",
"product_id": "T050151-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.0.45",
"product": {
"name": "Oracle MySQL \u003c=8.0.45",
"product_id": "T050153"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.0.45",
"product": {
"name": "Oracle MySQL \u003c=8.0.45",
"product_id": "T050153-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=7.6.36",
"product": {
"name": "Oracle MySQL \u003c=7.6.36",
"product_id": "T050154"
}
},
{
"category": "product_version_range",
"name": "\u003c=7.6.36",
"product": {
"name": "Oracle MySQL \u003c=7.6.36",
"product_id": "T050154-fixed"
}
}
],
"category": "product_name",
"name": "MySQL"
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-65018",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2025-6965",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-9086",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-9230",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2026-21929",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21929"
},
{
"cve": "CVE-2026-21936",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21936"
},
{
"cve": "CVE-2026-21937",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21937"
},
{
"cve": "CVE-2026-21941",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21941"
},
{
"cve": "CVE-2026-21948",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21948"
},
{
"cve": "CVE-2026-21949",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21949"
},
{
"cve": "CVE-2026-21950",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21950"
},
{
"cve": "CVE-2026-21952",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21952"
},
{
"cve": "CVE-2026-21964",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21964"
},
{
"cve": "CVE-2026-21965",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21965"
},
{
"cve": "CVE-2026-21968",
"product_status": {
"known_affected": [
"67646",
"T000126",
"T004914",
"T032255"
],
"last_affected": [
"T050150",
"T050151",
"T047929",
"T050154",
"T050153"
]
},
"release_date": "2026-01-20T23:00:00.000+00:00",
"title": "CVE-2026-21968"
}
]
}
FKIE_CVE-2026-21950
Vulnerability from fkie_nvd - Published: 2026-01-20 22:15 - Updated: 2026-01-29 15:28
Severity ?
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
References
| URL | Tags | ||
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpujan2026.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | mysql_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80A941A0-B16F-477B-9062-EF768F4CAAD4",
"versionEndIncluding": "9.5.0",
"versionStartIncluding": "9.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Server: Optimizer). Las versiones compatibles que est\u00e1n afectadas son 9.0.0-9.5.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante con pocos privilegios con acceso a la red a trav\u00e9s de m\u00faltiples protocolos comprometer MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar un cuelgue o un fallo repetible con frecuencia (DoS completo) de MySQL Server. Puntuaci\u00f3n base CVSS 3.1 6.5 (Impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"id": "CVE-2026-21950",
"lastModified": "2026-01-29T15:28:59.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2026-01-20T22:15:57.993",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
NCSC-2026-0032
Vulnerability from csaf_ncscnl - Published: 2026-01-21 10:12 - Updated: 2026-01-21 10:12Summary
Kwetsbaarheden verholpen in Oracle MySQL
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in diverse Oracle MySQL componenten.
Interpretaties: De kwetsbaarheden stellen hooggeprivilegieerde aanvallers in staat om de server op afstand te exploiteren, wat kan leiden tot servercrashes en Denial of Service. Dit probleem kan worden misbruikt door aanvallers met netwerktoegang, wat de noodzaak van aandacht van beveiligingsbeheerders onderstreept.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-122: Heap-based Buffer Overflow
CWE-125: Out-of-bounds Read
CWE-197: Numeric Truncation Error
CWE-787: Out-of-bounds Write
Critical vulnerabilities in Oracle Communications Cloud Native Core and Siebel CRM allow unauthenticated access, while SQLite versions prior to 3.50.2 face memory corruption risks and other security issues.
9.8 (Critical)
Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.
7.5 (High)
Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.
7.5 (High)
Recent vulnerabilities in Oracle Communications Unified Assurance and libpng affect data integrity and system availability, with specific issues including buffer overflows and unauthorized access in various versions.
7.1 (High)
A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows low-privileged attackers to potentially cause a denial of service by crashing the server, with a CVSS score of 5.3 indicating availability impacts.
5.3 (Medium)
A vulnerability in Oracle MySQL's InnoDB component affects specific versions, allowing high-privileged attackers to crash the MySQL Server, with a CVSS score of 4.9 indicating availability impacts.
4.9 (Medium)
A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows high-privileged attackers to cause denial of service via network access, with a CVSS score of 4.9.
4.9 (Medium)
A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows high-privileged attackers to remotely exploit it, potentially causing denial of service with a CVSS score of 4.9.
4.9 (Medium)
A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows high-privileged attackers to remotely exploit it, potentially causing denial of service with a CVSS score of 4.9.
4.9 (Medium)
A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows low-privileged attackers to cause denial of service, leading to server crashes, with a CVSS score of 6.5 indicating significant availability impacts.
6.5 (Medium)
A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows low-privileged attackers to cause denial of service, leading to server crashes, with a CVSS score of 6.5 indicating significant availability impacts.
6.5 (Medium)
A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows high-privileged attackers to cause denial of service, leading to server crashes, with a CVSS 3.1 Base Score of 4.9.
4.9 (Medium)
A vulnerability in Oracle MySQL's Server: Thread Pooling component affects specific versions, allowing high-privileged attackers to remotely exploit it, potentially leading to denial of service with a CVSS score of 4.9.
4.9 (Medium)
A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows high-privileged attackers with network access to potentially cause a partial denial of service, rated with a CVSS 3.1 Base Score of 2.7.
A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows low-privileged attackers to cause denial of service via network access, with a CVSS score of 6.5.
6.5 (Medium)
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in diverse Oracle MySQL componenten.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen hooggeprivilegieerde aanvallers in staat om de server op afstand te exploiteren, wat kan leiden tot servercrashes en Denial of Service. Dit probleem kan worden misbruikt door aanvallers met netwerktoegang, wat de noodzaak van aandacht van beveiligingsbeheerders onderstreept.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle MySQL",
"tracking": {
"current_release_date": "2026-01-21T10:12:24.844869Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0032",
"initial_release_date": "2026-01-21T10:12:24.844869Z",
"revision_history": [
{
"date": "2026-01-21T10:12:24.844869Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "MySQL"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "MySQL Cluster"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "MySQL Connectors"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "MySQL Enterprise Backup"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "MySQL Server"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "MySQL Workbench"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"notes": [
{
"category": "other",
"text": "Numeric Truncation Error",
"title": "CWE-197"
},
{
"category": "description",
"text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and Siebel CRM allow unauthenticated access, while SQLite versions prior to 3.50.2 face memory corruption risks and other security issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-6965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-6965"
},
{
"cve": "CVE-2025-9086",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates to curl and MySQL Enterprise Backup address critical vulnerabilities, including cookie path issues and denial of service risks in various software versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9086 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-9086"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9230 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9230.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and libpng affect data integrity and system availability, with specific issues including buffer overflows and unauthorized access in various versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-65018 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-65018.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2026-21929",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows low-privileged attackers to potentially cause a denial of service by crashing the server, with a CVSS score of 5.3 indicating availability impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21929 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21929.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21929"
},
{
"cve": "CVE-2026-21936",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL\u0027s InnoDB component affects specific versions, allowing high-privileged attackers to crash the MySQL Server, with a CVSS score of 4.9 indicating availability impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21936 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21936.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21936"
},
{
"cve": "CVE-2026-21937",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows high-privileged attackers to cause denial of service via network access, with a CVSS score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21937 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21937.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21937"
},
{
"cve": "CVE-2026-21941",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows high-privileged attackers to remotely exploit it, potentially causing denial of service with a CVSS score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21941 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21941.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21941"
},
{
"cve": "CVE-2026-21948",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows high-privileged attackers to remotely exploit it, potentially causing denial of service with a CVSS score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21948 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21948.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21948"
},
{
"cve": "CVE-2026-21949",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows low-privileged attackers to cause denial of service, leading to server crashes, with a CVSS score of 6.5 indicating significant availability impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21949 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21949.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21949"
},
{
"cve": "CVE-2026-21950",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows low-privileged attackers to cause denial of service, leading to server crashes, with a CVSS score of 6.5 indicating significant availability impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21950 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21950.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21950"
},
{
"cve": "CVE-2026-21952",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows high-privileged attackers to cause denial of service, leading to server crashes, with a CVSS 3.1 Base Score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21952 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21952.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21952"
},
{
"cve": "CVE-2026-21964",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL\u0027s Server: Thread Pooling component affects specific versions, allowing high-privileged attackers to remotely exploit it, potentially leading to denial of service with a CVSS score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21964 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21964.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21964"
},
{
"cve": "CVE-2026-21965",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server (versions 9.0.0-9.5.0) allows high-privileged attackers with network access to potentially cause a partial denial of service, rated with a CVSS 3.1 Base Score of 2.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21965 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21965.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21965"
},
{
"cve": "CVE-2026-21968",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle MySQL Server versions 8.0.0-8.0.44, 8.4.0-8.4.7, and 9.0.0-9.5.0 allows low-privileged attackers to cause denial of service via network access, with a CVSS score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21968 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21968.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2026-21968"
}
]
}
GHSA-44PV-MW72-7WFV
Vulnerability from github – Published: 2026-01-21 00:31 – Updated: 2026-01-21 00:31
VLAI?
Details
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity ?
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2026-21950"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-20T22:15:57Z",
"severity": "MODERATE"
},
"details": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).",
"id": "GHSA-44pv-mw72-7wfv",
"modified": "2026-01-21T00:31:43Z",
"published": "2026-01-21T00:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21950"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…