PatchSiren cyber security CVE debrief
CVE-2026-46862 Oracle Corporation CVE debrief
A high-severity vulnerability was discovered in MySQL Router, a component of Oracle MySQL. The vulnerability, tracked as CVE-2026-46862, allows unauthenticated attackers with network access via TLS to compromise MySQL Router, potentially leading to a denial of service (DOS). The vulnerability has a CVSS 3.1 Base Score of 7.5 and affects MySQL Router versions 8.4.0-8.4.9 and 9.0.0-9.7.0. System administrators and security teams should be aware of this vulnerability and take immediate action to mitigate the risk.
- Vendor
- Oracle Corporation
- Product
- MySQL Router
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
System administrators and security teams responsible for MySQL Router installations, particularly those using versions 8.4.0-8.4.9 and 9.0.0-9.7.0, should be aware of this vulnerability and take immediate action to mitigate the risk. This includes reviewing the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Technical summary
The vulnerability is caused by a weakness in the MySQL Router product, specifically in the Router: General component. It has a CVSS 3.1 Base Score of 7.5 and a CVSS Vector of (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The vulnerability allows unauthenticated attackers with network access via TLS to compromise MySQL Router, potentially leading to a denial of service (DOS). The affected versions are 8.4.0-8.4.9 and 9.0.0-9.7.0.
Defensive priority
High
Recommended defensive actions
- Apply the latest security patches from Oracle Corporation
- Restrict network access to MySQL Router to only trusted sources
- Monitor MySQL Router logs for suspicious activity
- Consider implementing additional security controls, such as encryption and authentication
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-06-17T10:54:03.863Z and was last modified on 2026-06-18T22:42:31.240Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects MySQL Router versions 8.4.0-8.4.9 and 9.0.0-9.7.0. The CVSS 3.1 Base Score is 7.5 with a CVSS Vector of (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Official resources
-
CVE-2026-46862 CVE record
CVE.org
-
CVE-2026-46862 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:03.863Z and has not been modified since then. The NVD entry is currently Analyzed.