Description
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published: 2026-04-21
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

A flaw in the partition management component of Oracle MySQL Server allows a high‑privileged attacker with network access to trigger a server hang or complete crash. The effect is a denial of service that renders the database unavailable, while confidentiality and integrity remain unaffected.

Affected Systems

Oracle MySQL Server versions 9.0.0 through 9.6.0 are affected. No fixed release is documented yet, so customers should move to the latest supported version as soon as a vendor patch is released.

Risk and Exploitability

The CVSS vector AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H shows the vulnerability can be exploited over the network with low complexity once the attacker has high privileges. The EPSS score of < 1% indicates that exploitation is currently believed to be very unlikely, and the vulnerability is not listed in CISA’s KEV catalog. Nevertheless, the availability impact can still disrupt critical services because a single crash can eliminate database availability for the affected instance.

Generated by OpenCVE AI on April 28, 2026 at 15:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available Oracle patch or upgrade to a later release that includes a fix for the partition management crash.
  • Limit network access to MySQL Server instances by configuring firewalls or VPNs so that only trusted hosts can connect.
  • Enable proactive monitoring for unexpected MySQL hung or crashed states, and automatically restart the service or isolate the affected instance until a patch or upgrade is installed.

Generated by OpenCVE AI on April 28, 2026 at 15:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400

Thu, 23 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title MySQL Server Partition Management Crash Causing Denial of Service mysql: Partition unspecified vulnerability (CPU Apr 2026)
Weaknesses CWE-770
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 22 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 06:45:00 +0000

Type Values Removed Values Added
Title MySQL Server Partition Management Crash Causing Denial of Service
Weaknesses CWE-400

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
First Time appeared Oracle
Oracle mysql Server
CPEs cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle mysql Server
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Oracle Mysql Server
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-22T15:33:48.742Z

Reserved: 2026-04-01T20:03:40.833Z

Link: CVE-2026-35234

cve-icon Vulnrichment

Updated: 2026-04-22T15:20:28.613Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-21T21:16:38.993

Modified: 2026-04-23T15:10:22.397

Link: CVE-2026-35234

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-21T00:00:00Z

Links: CVE-2026-35234 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T16:00:13Z

Weaknesses