Description
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published: 2026-04-21
Score: 4.9 Medium
EPSS: n/a
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

The MySQL Server component GIS is vulnerable to a bug that allows an attacker with high privileges and network access via multiple protocols to cause the database to hang or crash in a repeatable manner. Successful exploitation limits the availability of the server; the flaw does not directly affect confidentiality or integrity.

Affected Systems

Affected versions of Oracle MySQL Server range from 9.0.0 through 9.6.0. Deployments running the GIS component are affected unless they have moved to a later release.

Risk and Exploitability

The CVSS 3.1 base score of 4.9 indicates a moderate risk primarily impacting availability. EPSS is not available, and the vulnerability is not listed in CISA KEV, suggesting that large‑scale exploitation is not yet observed. The attack requires a high‑privileged user with network reach to the target, likely exploiting the GIS subsystem over a database or management protocol. An attacker can induce a denial of service, potentially affecting connected applications and users.

Generated by OpenCVE AI on April 22, 2026 at 04:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Oracle MySQL Server to version 9.6.1 or later where the GIS component flaw has been fixed.
  • Restrict database and GIS protocol access to users with the minimum necessary privileges and block unnecessary network traffic.
  • Implement monitoring and fail‑over mechanisms to detect and mitigate repeated crashes, ensuring high availability.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 05:15:00 +0000

Type | Values Removed | Values Added
Title | | High-Privilege GIS Component Exploit Causes Denial of Service in MySQL Server
Weaknesses | | CWE-400

Wed, 22 Apr 2026 00:00:00 +0000

Type | Values Removed | Values Added
Description | | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
First Time appeared | | Oracle; Oracle mysql Server
CPEs | | cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
Vendors & Products | | Oracle; Oracle mysql Server
References | |
Metrics | | cvssV3_1 {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-21T20:35:46.163Z

Reserved: 2026-04-01T20:03:40.833Z

Link: CVE-2026-35235

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-21T21:16:39.120

Modified: 2026-04-21T21:16:39.120

Link: CVE-2026-35235

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T05:00:09Z

Weaknesses