PatchSiren cyber security CVE debrief
CVE-2026-46863 Oracle Corporation CVE debrief
A high-severity vulnerability was found in MySQL Server and MySQL Cluster products by Oracle MySQL. The vulnerability affects multiple versions and can be easily exploited by an unauthenticated attacker with network access via multiple protocols to compromise MySQL Server and MySQL Cluster. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and MySQL Cluster. The vulnerability has a CVSS 3.1 Base Score of 7.5 (Availability impacts) and a CVSS Vector of (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
- Vendor
- Oracle Corporation
- Product
- MySQL Server
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Administrators and users of MySQL Server and MySQL Cluster products, especially those using versions 8.4.0-8.4.9, 9.0.0-9.7.0, 8.0.11-8.0.46, and 8.4.0-8.4.9, should be aware of this vulnerability and take necessary actions to mitigate the risk. This includes applying the latest security patches and updates, restricting network access, and monitoring for suspicious activity.
Technical summary
The vulnerability is located in the Server: Connection Handling component of MySQL Server and MySQL Cluster. It has a CVSS 3.1 Base Score of 7.5 (Availability impacts) and a CVSS Vector of (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise MySQL Server and MySQL Cluster. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and MySQL Cluster. This vulnerability affects multiple versions of MySQL Server: 8.4.0-8.4.9, 9.0.0-9.7.0; MySQL Cluster: 8.0.11-8.0.46, 8.4.0-8.4.9 and 9.0.0-9.7.0.
Defensive priority
High
Recommended defensive actions
- Apply the latest security patches and updates provided by Oracle MySQL.
- Restrict network access to MySQL Server and MySQL Cluster to only necessary personnel and systems.
- Monitor MySQL Server and MySQL Cluster for suspicious activity and implement logging and auditing mechanisms.
- Consider implementing compensating controls, such as web application firewalls or intrusion detection systems.
- Review and update access controls to limit exposure.
- Perform regular security audits and vulnerability assessments.
- Implement a incident response plan in case of a potential security breach.
Evidence notes
The CVE record was published on 2026-06-17T10:54:03.967Z and was last modified on 2026-06-18T22:55:55.033Z. The NVD entry is currently Analyzed. The vulnerability has a high severity score and affects multiple versions of MySQL Server and MySQL Cluster. The evidence is based on the CVE record and NVD entry, which provide limited details about the vulnerability.
Official resources
-
CVE-2026-46863 CVE record
CVE.org
-
CVE-2026-46863 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:03.967Z and has not been modified since then. The NVD entry is currently Analyzed.