Description
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published: 2026-04-21
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

A flaw exists in the DML component of Oracle MySQL Server that can be triggered by an attacker who has high privileges and network access. The vulnerability allows the attacker to send crafted commands that cause the server process to hang or crash repeatedly, resulting in a denial of service. The vulnerability impacts only availability and does not directly compromise confidentiality or integrity.

Affected Systems

Affected systems: Oracle MySQL Server versions 8.0.0 through 8.0.45 are impacted. The vulnerability applies to all installations of these releases that use network access via standard MySQL protocols.

Risk and Exploitability

Risk and exploitability: The CVSS 3.1 base score of 4.9 indicates a moderate severity focused on availability. The EPSS score of < 1% indicates that the likelihood of exploitation is very low. The vulnerability is not listed in CISA’s KEV catalog. The attacker must have high privileges and be able to connect to the MySQL instance over the network to submit malicious DML statements. Based on the description, it is inferred that an insider or compromised host could exploit it, and that external attackers might also succeed if the database is exposed to the internet.

Generated by OpenCVE AI on April 29, 2026 at 00:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle MySQL Server security patch that fixes the DML crash issue
  • Restrict network access to the MySQL instance using firewall rules and only allow trusted hosts or VPN connections
  • Continuously monitor MySQL error logs and service status to detect unexpected crashes and intervene promptly

Generated by OpenCVE AI on April 29, 2026 at 00:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787

Thu, 23 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title MySQL Server DML Crash Vulnerability Leading to Denial of Service mysql: DML unspecified vulnerability (CPU Apr 2026)
Weaknesses CWE-770
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 22 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 07:00:00 +0000

Type Values Removed Values Added
Title MySQL Server DML Crash Vulnerability Leading to Denial of Service
Weaknesses CWE-787

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
First Time appeared Oracle
Oracle mysql Server
CPEs cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle mysql Server
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Oracle Mysql Server
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-22T13:45:00.679Z

Reserved: 2026-03-26T19:48:45.677Z

Link: CVE-2026-34293

cve-icon Vulnrichment

Updated: 2026-04-22T13:44:50.766Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-21T21:16:34.223

Modified: 2026-04-23T15:05:39.517

Link: CVE-2026-34293

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-21T00:00:00Z

Links: CVE-2026-34293 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T00:30:16Z

Weaknesses