Description
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published: 2026-04-21
Score: 4.9 Medium
EPSS: n/a
KEV: No
Impact: Denial of Service
Action: Apply Patches
AI Analysis

Impact

Oracle MySQL Server contains a flaw in its InnoDB storage engine that allows a high‑privileged attacker who can reach the database over the network to force the server to crash. An attacker can trigger a repeatable crash that results in a full denial of service to all users of the affected database. The vulnerability does not compromise confidentiality or integrity; its impact is confined to availability.

Affected Systems

Oracle Corporation MySQL Server versions 8.0.0 through 8.0.45, 8.4.0 through 8.4.8, and 9.0.0 through 9.6.0 are impacted.

Risk and Exploitability

The CVSS 3.1 base score is 4.9, indicating moderate severity. Exploitability requires high privileges and network connectivity, but no exploit probability is listed in EPSS and the vulnerability is not yet present in the CISA KEV catalog. The attacker can remotely send malicious input to the MySQL server that triggers an InnoDB crash, leading to a complete denial of service.

Generated by OpenCVE AI on April 22, 2026 at 02:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Oracle MySQL Server to the latest release that removes the InnoDB crash vulnerability (8.0.46 or newer, 8.4.9 or newer, or 9.6.1 or newer).
  • If an immediate upgrade is not possible, restrict network access to the database server to trusted hosts only and monitor for abnormal crash patterns.
  • Apply general database hardening, such as disabling unused protocols or enforcing strict firewall rules, to reduce the attack surface until a patch can be deployed.

Generated by OpenCVE AI on April 22, 2026 at 02:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 02:45:00 +0000

Type Values Removed Values Added
Title Denial of Service via InnoDB Exploit in Oracle MySQL Server
Weaknesses CWE-1010

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
First Time appeared Oracle
Oracle mysql Server
CPEs cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle mysql Server
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Oracle Mysql Server
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-21T20:35:33.158Z

Reserved: 2026-03-26T19:48:45.679Z

Link: CVE-2026-34304

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-21T21:16:35.690

Modified: 2026-04-21T21:16:35.690

Link: CVE-2026-34304

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T02:30:05Z

Weaknesses