CVE Catalog

CVE-2026-46860

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.51%

39th percentile — higher than 39% of all known CVEs

Summary

Vulnerability in the MySQL Router product of Oracle MySQL allows an unauthenticated attacker with network access via HTTP to compromise MySQL Router. Affected versions are 9.0.0-9.7.0.

Risk Assessment

An attacker can remotely take control of MySQL Router, leading to serious threats to the confidentiality, integrity, and availability of data.

Recommendation

It is recommended to update MySQL Router to the latest version to mitigate this vulnerability and implement appropriate security measures for network access.

Original NVD description (English source)

Vulnerability in the MySQL Router product of Oracle MySQL (component: Router: General). Supported versions that are affected are 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MySQL Router. Successful attacks of this vulnerability can result in takeover of MySQL Router. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS