Description
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Published: 2026-04-21
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: Availability (Denial of Service)
Action: Patch
AI Analysis

Impact

The flaw resides in the Group Replication Plugin of Oracle MySQL Server. An attacker with low privileges and network connectivity can trigger a hang or repeatable crash that takes the server offline. The exploit does not grant further compromise and only corrupts availability, as reflected by the CVSS 3.1 vector AV:N/AC:L/PR:L/C:N/I:N/A:H.

Affected Systems

Oracle MySQL Server 8.0.0 through 8.0.45, 8.4.0 through 8.4.8, and 9.0.0 through 9.6.0 are affected. Any installation of the Group Replication Plugin in these versions can be impacted.

Risk and Exploitability

The CVSS base score of 6.5 indicates a moderate risk to availability, but the lack of an EPSS score means the exact exploitation likelihood is unknown. The vulnerability is not yet in the CISA KEV catalog. Attackers can reach the vulnerable code via the standard MySQL protocols over the network, using a low‑privilege account to execute the crash trigger.

Generated by OpenCVE AI on April 22, 2026 at 07:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Oracle MySQL Server to a version newer than 8.0.45, 8.4.8, or 9.6.0, which contain the fixed Group Replication Plugin.
  • If Group Replication is not required, remove or disable the plugin to eliminate the attack surface.
  • Restrict network access to the MySQL instance to trusted hosts and consider applying firewall rules to block unnecessary ports, thereby limiting low‑privilege attacker reach.

Generated by OpenCVE AI on April 22, 2026 at 07:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 07:30:00 +0000

Type Values Removed Values Added
Title MySQL Server Group Replication Plugin Denial of Service via Low‑Privilege Network Attack
Weaknesses CWE-739

Wed, 22 Apr 2026 03:00:00 +0000

Type Values Removed Values Added
Title MySQL Server Group Replication Plugin Denial of Service via Low‑Privilege Network Attack
Weaknesses CWE-739

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
First Time appeared Oracle
Oracle mysql Server
CPEs cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle mysql Server
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Oracle Mysql Server
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-21T20:35:15.179Z

Reserved: 2026-03-26T19:48:45.674Z

Link: CVE-2026-34270

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-21T21:16:30.717

Modified: 2026-04-21T21:16:30.717

Link: CVE-2026-34270

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T07:15:11Z

Weaknesses

No weakness.