Description
A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit has been published and may be used. This patch is called 0eaa375c5e5446bfba94a290eff92967a5deac9e. It is advisable to implement a patch to correct this issue.
Published: 2026-05-11
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in bettercap’s MySQL Server component (modules/mysql_server/mysql_server.go) allows an attacker to trigger an integer coercion error through crafted input. This issue falls under numeric value out‑of‑bounds and static type mismatch weaknesses, which may result in unexpected application behavior or denial of service. The described impact could expose the system to inadvertent crashes or state corruption if the coerced values are used in subsequent computations, compromising application availability and reliability.

Affected Systems

All installations of bettercap up to and including version 2.41.5 are affected. Users running earlier or later releases are not impacted unless they re‑introduce the vulnerable module. The vulnerability is specifically tied to the MySQL Server module implemented in the file modules/mysql_server/mysql_server.go.

Risk and Exploitability

The CVSS score of 6.3 indicates moderate to high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. The attack can be launched remotely and requires a high level of complexity, making exploitation technically challenging. However, an exploit has been published, suggesting that attackers with sufficient skill may already be able to target affected systems.

Generated by OpenCVE AI on May 11, 2026 at 07:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade bettercap to the latest release, which removes the vulnerable MySQL Server module
  • If an upgrade cannot be performed immediately, disable or remove the modules/mysql_server/mysql_server.go component to prevent access to the vulnerable functionality
  • Monitor system logs for unexpected integer coercion errors and block traffic that triggers such conditions to mitigate the impact until a patch is applied

Generated by OpenCVE AI on May 11, 2026 at 07:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Bettercap
Bettercap bettercap
Vendors & Products Bettercap
Bettercap bettercap

Mon, 11 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 11 May 2026 06:15:00 +0000

Type Values Removed Values Added
Description A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit has been published and may be used. This patch is called 0eaa375c5e5446bfba94a290eff92967a5deac9e. It is advisable to implement a patch to correct this issue.
Title bettercap MySQL Server mysql_server.go integer coercion
Weaknesses CWE-189
CWE-192
References
Metrics cvssV2_0

{'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Bettercap Bettercap
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-11T12:46:41.322Z

Reserved: 2026-05-10T16:05:47.998Z

Link: CVE-2026-8276

cve-icon Vulnrichment

Updated: 2026-05-11T12:46:37.588Z

cve-icon NVD

Status : Received

Published: 2026-05-11T06:16:10.077

Modified: 2026-05-11T06:16:10.077

Link: CVE-2026-8276

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T16:10:49Z

Weaknesses