CVE-2026-46863
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk37th percentile — higher than 37% of all known CVEs
Summary
Vulnerability in MySQL Server and MySQL Cluster that allows an unauthenticated attacker with network access via multiple protocols to compromise the system. An attacker can cause hangs or frequent crashes of the server, leading to complete denial of service.
Risk Assessment
The risk to the organization is the potential for complete server downtime, which can result in application outages and data loss.
Recommendation
It is recommended to update to the latest version of MySQL Server and MySQL Cluster to mitigate the risks associated with this vulnerability.
Original NVD description (English source)
Vulnerability in the MySQL Server, MySQL Cluster product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are MySQL Server: 8.4.0-8.4.9, 9.0.0-9.7.0; MySQL Cluster: 8.0.11-8.0.46, 8.4.0-8.4.9 and 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server, MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server, MySQL Cluster. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

