Description
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published: 2026-04-21
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Oracle MySQL Server’s Optimizer component contains a flaw that can be triggered by a high‑privileged attacker with network access. When exercised, the server either hangs or crashes, permanently disrupting database availability, which translates into a complete denial of service.

Affected Systems

Oracle MySQL Server versions 8.0.0 through 8.0.45 are affected. These releases are part of the mainstream Oracle MySQL distribution for enterprises.

Risk and Exploitability

The CVSS base score of 4.9 indicates a moderate availability impact. The EPSS score of <1% indicates a very low but nonzero likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The attack requires high privileged credentials and network access, and can be performed over multiple network protocols. If a functional exploit were discovered, it could repeatedly bring the database server offline until a patch is applied.

Generated by OpenCVE AI on April 29, 2026 at 02:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a supported MySQL version that fixes the Optimizer flaw (e.g., 8.0.46 or later).
  • Apply the Oracle security patch that specifically addresses the Optimizer vulnerability once it becomes available.
  • Restrict network traffic to the MySQL port, limiting connections to trusted hosts to reduce exposure to high‑privileged attackers.

Generated by OpenCVE AI on April 29, 2026 at 02:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 00:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-733

Thu, 23 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Optimizer Component in MySQL 8.0 Leading to Server Crash mysql: Optimizer unspecified vulnerability (CPU Apr 2026)
Weaknesses CWE-770
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 22 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 03:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Optimizer Component in MySQL 8.0 Leading to Server Crash
Weaknesses CWE-400
CWE-733

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
First Time appeared Oracle
Oracle mysql Server
CPEs cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle mysql Server
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Oracle Mysql Server
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-22T13:57:09.378Z

Reserved: 2026-03-26T19:48:45.674Z

Link: CVE-2026-34267

cve-icon Vulnrichment

Updated: 2026-04-22T13:56:58.518Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-21T21:16:30.200

Modified: 2026-04-23T15:06:37.723

Link: CVE-2026-34267

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-21T00:00:00Z

Links: CVE-2026-34267 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T03:00:12Z

Weaknesses