Description
Vulnerability in the MySQL Server, MySQL Cluster product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are MySQL Server: 8.4.0-8.4.9, 9.0.0-9.7.0; MySQL Cluster: 8.0.11-8.0.46, 8.4.0-8.4.9 and 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server, MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server, MySQL Cluster. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Published: 2026-06-16
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw exists in the Connection Handling component of Oracle MySQL Server and MySQL Cluster. An unauthenticated attacker who can reach the database instance over the network can force the server or cluster to crash repeatedly, causing a complete denial of service. The vulnerability does not affect confidentiality or integrity, but it fully disrupts availability for all users and applications that rely on the affected database instance.

Affected Systems

Oracle Corporation MySQL Server versions 8.4.0 through 8.4.9 and 9.0.0 through 9.7.0, and MySQL Cluster versions 8.0.11 through 8.0.46, 8.4.0 through 8.4.9, and 9.0.0 through 9.7.0 are affected. All other product versions are not impacted.

Risk and Exploitability

The CVSS v3.1 base score of 7.5 classifies the weakness as high severity, and the EPSS score of less than 1% suggests a low yet non‑zero likelihood of exploitation at the moment. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, indicating no publicly documented exploitation campaigns yet. However, because the flaw requires no authentication and can be reached from any network, any exposed MySQL instance is a potential target. Successful exploitation triggers an immediate crash, severely impacting application availability.

Generated by OpenCVE AI on June 18, 2026 at 23:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update MySQL Server to a version later than 8.4.9 or 9.7.0 that contains the fix
  • Update MySQL Cluster to a version later than 8.0.46 or 9.7.0 that contains the fix
  • Restrict network access to MySQL ports by applying firewall or security group rules so that only trusted hosts can reach the database instance

Generated by OpenCVE AI on June 18, 2026 at 23:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8457-1 MySQL vulnerabilities
Ubuntu USN Ubuntu USN USN-8457-2 MySQL vulnerabilities
History

Thu, 18 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Title Unauthenticated Network Remote Denial of Service via Connection Handling in MySQL Server and Cluster
Weaknesses CWE-770

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated Network Remote Denial of Service via Connection Handling in MySQL Server and Cluster
Weaknesses CWE-400
CWE-770
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the MySQL Server, MySQL Cluster product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are MySQL Server: 8.4.0-8.4.9, 9.0.0-9.7.0; MySQL Cluster: 8.0.11-8.0.46, 8.4.0-8.4.9 and 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server, MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server, MySQL Cluster. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
First Time appeared Oracle
Oracle mysql Cluster
Oracle mysql Server
CPEs cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle mysql Cluster
Oracle mysql Server
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Subscriptions

Oracle Mysql Cluster Mysql Server
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T14:52:56.766Z

Reserved: 2026-05-18T15:55:10.307Z

Link: CVE-2026-46863

cve-icon Vulnrichment

Updated: 2026-06-17T14:52:51.212Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T23:45:16Z

Weaknesses
  • CWE-400

    Uncontrolled Resource Consumption