PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46863 Oracle Corporation CVE debrief

A high-severity vulnerability was found in MySQL Server and MySQL Cluster products by Oracle MySQL. The vulnerability affects multiple versions and can be easily exploited by an unauthenticated attacker with network access via multiple protocols to compromise MySQL Server and MySQL Cluster. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and MySQL Cluster. The vulnerability has a CVSS 3.1 Base Score of 7.5 (Availability impacts) and a CVSS Vector of (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Vendor
Oracle Corporation
Product
MySQL Server
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

Administrators and users of MySQL Server and MySQL Cluster products, especially those using versions 8.4.0-8.4.9, 9.0.0-9.7.0, 8.0.11-8.0.46, and 8.4.0-8.4.9, should be aware of this vulnerability and take necessary actions to mitigate the risk. This includes applying the latest security patches and updates, restricting network access, and monitoring for suspicious activity.

Technical summary

The vulnerability is located in the Server: Connection Handling component of MySQL Server and MySQL Cluster. It has a CVSS 3.1 Base Score of 7.5 (Availability impacts) and a CVSS Vector of (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise MySQL Server and MySQL Cluster. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and MySQL Cluster. This vulnerability affects multiple versions of MySQL Server: 8.4.0-8.4.9, 9.0.0-9.7.0; MySQL Cluster: 8.0.11-8.0.46, 8.4.0-8.4.9 and 9.0.0-9.7.0.

Defensive priority

High

Recommended defensive actions

  • Apply the latest security patches and updates provided by Oracle MySQL.
  • Restrict network access to MySQL Server and MySQL Cluster to only necessary personnel and systems.
  • Monitor MySQL Server and MySQL Cluster for suspicious activity and implement logging and auditing mechanisms.
  • Consider implementing compensating controls, such as web application firewalls or intrusion detection systems.
  • Review and update access controls to limit exposure.
  • Perform regular security audits and vulnerability assessments.
  • Implement a incident response plan in case of a potential security breach.

Evidence notes

The CVE record was published on 2026-06-17T10:54:03.967Z and was last modified on 2026-06-18T22:55:55.033Z. The NVD entry is currently Analyzed. The vulnerability has a high severity score and affects multiple versions of MySQL Server and MySQL Cluster. The evidence is based on the CVE record and NVD entry, which provide limited details about the vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:03.967Z and has not been modified since then. The NVD entry is currently Analyzed.