Description
Vulnerability in the MySQL Router product of Oracle MySQL (component: Router: General). Supported versions that are affected are 8.4.0-8.4.9 and 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Router. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Published: 2026-06-16
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in Oracle MySQL Router versions 8.4.0 through 8.4.9 and 9.0.0 through 9.7.0 allows an unauthenticated attacker with network access over TLS to trigger a hang or a frequently repeatable crash, resulting in a complete denial of service. The flaw resides in the Router: General component and is exploitable through remote network traffic. Although the attack does not affect confidentiality or integrity, it can bring the router offline and disrupt database connectivity for all users relying on it.

Affected Systems

Affected systems include Oracle Corporation’s MySQL Router product. The specific versions impacted are 8.4.0–8.4.9 and 9.0.0–9.7.0. Any deployment of MySQL Router within these version ranges should be considered vulnerable until patched.

Risk and Exploitability

The CVSS 3.1 base score of 7.5 indicates a high availability impact. The EPSS score below 1% shows a very low but non-zero probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Exploitation likely requires only network connectivity over TLS, with no authentication or special privileges. An attacker can repeatedly send crafted requests to trigger the crash, causing service interruption for affected clients.

Generated by OpenCVE AI on June 17, 2026 at 18:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update MySQL Router to the latest patched version that resolves the crash issue
  • If a patch is not immediately available, restrict TLS access to the router to trusted IP addresses or networks to limit exposure
  • After applying the patch or adding restrictions, monitor the router’s log and uptime to ensure it remains operational

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type / Values Removed / Values Added
Description: Vulnerability in the MySQL Router product of Oracle MySQL (component: Router: General). Supported versions that are affected are 8.4.0-8.4.9 and 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Router. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Router. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
First Time appeared: Oracle; Oracle mysql Router
CPEs: cpe:2.3:a:oracle:mysql_router:*:*:*:*:*:*:*:*
Vendors & Products: Oracle; Oracle mysql Router
References:
Metrics: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T14:52:09.095Z

Reserved: 2026-05-18T15:55:10.307Z

Link: CVE-2026-46862

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T03:15:02Z

Weaknesses

No weakness.