Description
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published: 2026-04-21
Score: 4.9 Medium
EPSS: n/a
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

A flaw in the partition management component of Oracle MySQL Server allows a high‑privileged attacker with network access to trigger a server hang or complete crash. The effect is a denial of service that renders the database unavailable, while confidentiality and integrity remain unaffected.

Affected Systems

Oracle MySQL Server versions 9.0.0 through 9.6.0 are affected. No fixed release is documented yet, so customers should move to the latest supported version as soon as a vendor patch is released.

Risk and Exploitability

The CVSS vector AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H shows the vulnerability can be exploited over the network with low complexity once the attacker has high privileges. EPSS is not available and the flaw is not listed in CISA KEV, indicating limited current exploitation evidence, but the availability impact can still disrupt critical services.

Generated by OpenCVE AI on April 22, 2026 at 06:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest MySQL Server version or apply Oracle’s patch once available.
  • Restrict network access to MySQL Server by configuring firewalls or VPNs to allow connections only from trusted hosts.
  • Deploy monitoring and alerting for unexpected MySQL crashes or hangs, and automatically restart the service or isolate the affected instance until a patch is applied.

Generated by OpenCVE AI on April 22, 2026 at 06:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 06:45:00 +0000

Type Values Removed Values Added
Title MySQL Server Partition Management Crash Causing Denial of Service
Weaknesses CWE-400

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
First Time appeared Oracle
Oracle mysql Server
CPEs cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle mysql Server
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Oracle Mysql Server
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-21T20:35:45.767Z

Reserved: 2026-04-01T20:03:40.833Z

Link: CVE-2026-35234

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-21T21:16:38.993

Modified: 2026-04-21T21:16:38.993

Link: CVE-2026-35234

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T06:30:10Z

Weaknesses