Description
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published: 2026-04-21
Score: 4.9 Medium
EPSS: n/a
KEV: No
Impact: Denial of Service (Complete DOS)
Action: Patch
AI Analysis

Impact

The vulnerability lies in the Optimizer component of Oracle MySQL Server. An attacker with high privileges who can reach the server over the network can exploit this flaw to cause the server to hang or repeatedly crash, leading to a complete denial of service. The flaw has a CVSS 3.1 base score of 4.9, reflecting an availability impact only. The weakness causes the server to fail under specific optimizer conditions.

Affected Systems

Affected versions are Oracle MySQL Server 8.0.0 through 8.0.45, 8.4.0 through 8.4.8, and 9.0.0 through 9.6.0. These versions run on any platform supported by Oracle MySQL Server.

Risk and Exploitability

The CVSS vector rates availability impact as high (A:H) and confidentiality and integrity impact as none (C:N/I:N). EPSS is not available, so current exploitation likelihood is unknown, and the vulnerability is not listed in CISA’s KEV catalog. The attack vector is network-based (AV:N) over multiple protocols and requires high privileges (PR:H). Because the flaw can be triggered remotely, administrators should treat it as an immediate risk to service availability, especially in environments where the database is critical.

Generated by OpenCVE AI on April 22, 2026 at 05:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle MySQL Server security patch from the April 2026 Critical Patch Update (CPU) advisory to close the optimizer vulnerability.
  • Upgrade to a MySQL Server version newer than 9.6.0 if available, or to a version that is no longer affected by this flaw.
  • Limit network exposure by restricting inbound connections to the MySQL Server to trusted hosts and by disabling unnecessary network protocols.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 03:15:00 +0000

Values added:
Title: Denial of Service via Optimizer Vulnerability in Oracle MySQL Server
Weaknesses: CWE-119, CWE-787

Wed, 22 Apr 2026 00:00:00 +0000

Values added:
Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
First Time appeared: Oracle, Oracle mysql Server
CPEs: cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
Vendors & Products: Oracle, Oracle mysql Server
References:
Metrics: cvssV3_1 {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-21T20:35:00.843Z

Reserved: 2026-01-05T18:07:34.725Z

Link: CVE-2026-22002

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-21T21:16:25.453

Modified: 2026-04-21T21:16:25.453

Link: CVE-2026-22002

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T05:30:09Z

Weaknesses