CVE-2026-34319
Denial of Service in Oracle MySQL Shell via Low-Privileged Exploit
Publication date: 2026-04-21
Last updated on: 2026-05-05
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | mysql | From 8.0.0 (inc) to 8.0.45 (inc) |
| oracle | mysql | From 8.4.0 (inc) to 8.4.8 (inc) |
| oracle | mysql | From 9.0.0 (inc) to 9.6.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-204 | The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in MySQL Shell allows a low privileged attacker to cause a denial of service (DoS) by hanging or crashing the MySQL Shell. This impacts availability but does not affect confidentiality or integrity.
Since the vulnerability does not lead to unauthorized access to data or data breaches, it does not directly impact compliance with data protection regulations such as GDPR or HIPAA, which primarily focus on confidentiality and integrity of personal and sensitive data.
However, the availability impact could indirectly affect compliance if the MySQL Shell is critical for maintaining systems that handle regulated data, as prolonged downtime might violate availability requirements in some standards.
Can you explain this vulnerability to me?
This vulnerability exists in the MySQL Shell product of Oracle MySQL, specifically in the Shell: Core Client component. It affects supported versions 8.0.0-8.0.45, 8.4.0-8.4.8, and 9.0.0-9.6.0.
The vulnerability is easily exploitable by a low privileged attacker who has logon access to the infrastructure where MySQL Shell runs. However, successful exploitation requires human interaction from someone other than the attacker.
If exploited successfully, the attacker can cause MySQL Shell to hang or crash repeatedly, resulting in a denial of service (DoS) condition.
How can this vulnerability impact me? :
The main impact of this vulnerability is on availability. An attacker with low privileges and access to the system can cause MySQL Shell to hang or crash repeatedly, leading to a denial of service.
This means that legitimate users may be unable to use MySQL Shell while the attack is ongoing, potentially disrupting operations that depend on it.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that only trusted users have logon access to the infrastructure where MySQL Shell executes, as the vulnerability requires a low privileged attacker with logon and human interaction from another person.
Consider restricting access to MySQL Shell to prevent unauthorized users from executing it.
Monitor for unusual hangs or crashes of MySQL Shell and apply any available patches or updates from Oracle MySQL when released.