CVE Catalog

CVE-2026-46863

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.47%

37th percentile — higher than 37% of all known CVEs

Summary

Vulnerability in MySQL Server and MySQL Cluster that allows an unauthenticated attacker with network access via multiple protocols to compromise the system. An attacker can cause hangs or frequent crashes of the server, leading to complete denial of service.

Risk Assessment

The risk to the organization is the potential for complete server downtime, which can result in application outages and data loss.

Recommendation

It is recommended to update to the latest version of MySQL Server and MySQL Cluster to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

Vulnerability in the MySQL Server, MySQL Cluster product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are MySQL Server: 8.4.0-8.4.9, 9.0.0-9.7.0; MySQL Cluster: 8.0.11-8.0.46, 8.4.0-8.4.9 and 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server, MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server, MySQL Cluster. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS