Description
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published: 2026-04-21
Score: 4.9 Medium
EPSS: n/a
KEV: No
Impact: Denial of Service (high privileged attacker can cause crash)
Action: Update
AI Analysis

Impact

The vulnerability resides in the Optimizer component of Oracle MySQL Server and allows a high privileged attacker with network access to trigger a crash of the server. The flaw is described as easily exploitable, and the crash can be induced repeatedly, causing a denial of service for all clients. The attack requires high privileges but can be carried out over the network, and the impact is on availability rather than confidentiality or integrity.

Affected Systems

Oracle MySQL Server, versions 8.0.0 through 8.0.45, are affected. Any deployment of these versions that allows optimizer execution over the network is at risk.

Risk and Exploitability

The CVSS v3.1 base score is 4.9 (Medium), with a high availability impact. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog. Nonetheless, the description indicates that the flaw is easily exploitable by a high privileged attacker who can access the server via supported protocols, enabling them to repeatedly crash the database service. While the attack requires elevated privileges, the potential availability disruption warrants prompt remediation.

Generated by OpenCVE AI on April 22, 2026 at 05:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle MySQL Server update that addresses the optimizer crash.
  • Restrict network exposure of the MySQL server, allowing connections only from trusted hosts and eliminating unnecessary protocol access.
  • Configure the operating system or application monitoring to detect unexpected restarts and automatically restart the database service to mitigate downtime.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 05:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | High-Privilege Network-Exploitable Denial of Service in MySQL Server Optimizer |
| Weaknesses | | CWE-754 |

Wed, 22 Apr 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| First Time appeared | | Oracle; Oracle mysql Server |
| CPEs | | cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* |
| Vendors & Products | | Oracle; Oracle mysql Server |
| References | | |
| Metrics | | cvssV3_1: {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'} |


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-21T20:35:19.579Z

Reserved: 2026-03-26T19:48:45.675Z

Link: CVE-2026-34278

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-21T21:16:32.027

Modified: 2026-04-21T21:16:32.027

Link: CVE-2026-34278

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T05:15:06Z

Weaknesses