CVE-2026-34318
Analyzed Analyzed - Analysis Complete
High-Privilege Network Access Vulnerability in Oracle MySQL Shell

Publication date: 2026-04-21

Last updated on: 2026-05-05

Assigner: Oracle

Description
Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Shell. While the vulnerability is in MySQL Shell, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-21
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34318
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
oracle mysql From 8.0.0 (inc) to 8.0.45 (inc)
oracle mysql From 8.4.0 (inc) to 8.4.8 (inc)
oracle mysql From 9.0.0 (inc) to 9.6.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows a high privileged attacker with network access to compromise MySQL Shell, potentially resulting in unauthorized access to critical data or complete access to all MySQL Shell accessible data.

Such unauthorized access to sensitive or critical data could negatively impact compliance with data protection standards and regulations such as GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access.

However, specific impacts on compliance are not detailed in the provided information.

Executive Summary

This vulnerability exists in the MySQL Shell product of Oracle MySQL, specifically in the Shell: Core Client component. It affects supported versions 8.0.0-8.0.45, 8.4.0-8.4.8, and 9.0.0-9.6.0.

The vulnerability is difficult to exploit and requires a high privileged attacker with network access through multiple protocols. If successfully exploited, it allows the attacker to compromise the MySQL Shell.

Although the vulnerability is in MySQL Shell, attacks may significantly impact additional products due to scope change.

Successful exploitation can lead to unauthorized access to critical data or complete access to all data accessible via MySQL Shell.

Impact Analysis

If exploited, this vulnerability can allow a high privileged attacker with network access to gain unauthorized access to critical data within MySQL Shell.

The attacker could potentially access all data accessible through MySQL Shell, which may lead to data breaches or exposure of sensitive information.

Because the vulnerability affects multiple protocols and may impact additional products, the overall security of systems relying on MySQL Shell could be compromised.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34318. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart