Description
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published: 2026-04-21
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Oracle MySQL Server’s Optimizer component contains a flaw that can be triggered by a high‑privileged attacker who can reach the database over the network. When the vulnerability is exercised, the server will either hang or crash, permanently disrupting database availability. This weakness is consistent with improper resource handling and denial‑of‑service conditions.

Affected Systems

Oracle MySQL Server versions 8.0.0 through 8.0.45 are affected. These releases are part of the mainstream Oracle MySQL distribution for enterprises.

Risk and Exploitability

The CVSS base score of 4.9 indicates a moderate availability impact. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog. The attack requires high privileged credentials and network access, and can be performed over multiple network protocols. If a functional exploit were discovered, it could repeatedly bring the database server offline until a patch is applied.

Generated by OpenCVE AI on April 22, 2026 at 05:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a supported MySQL version that fixes the Optimizer flaw (e.g., 8.0.46 or later).
  • Apply the Oracle security patch that specifically addresses the Optimizer vulnerability once it becomes available.
  • Restrict network traffic to the MySQL port, limiting connections to trusted hosts to reduce exposure to high‑privileged attackers.

Generated by OpenCVE AI on April 22, 2026 at 05:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 03:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Optimizer Component in MySQL 8.0 Leading to Server Crash
Weaknesses CWE-400
CWE-733

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
First Time appeared Oracle
Oracle mysql Server
CPEs cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle mysql Server
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Oracle Mysql Server
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-22T13:57:09.378Z

Reserved: 2026-03-26T19:48:45.674Z

Link: CVE-2026-34267

cve-icon Vulnrichment

Updated: 2026-04-22T13:56:58.518Z

cve-icon NVD

Status : Received

Published: 2026-04-21T21:16:30.200

Modified: 2026-04-22T14:16:55.127

Link: CVE-2026-34267

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T05:15:06Z

Weaknesses