PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46869 Oracle Corporation CVE debrief

A vulnerability was discovered in MySQL Shell, a component of Oracle MySQL. The vulnerability allows an unauthenticated attacker with network access to compromise MySQL Shell, potentially leading to unauthorized access to critical data. This issue affects MySQL Shell versions 8.4.0-8.4.9 and 9.0.0-9.7.0. The vulnerability has a CVSS 3.1 Base Score of 6.5, indicating a medium severity level.

Vendor
Oracle Corporation
Product
MySQL Shell
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-22
Advisory published
2026-06-17
Advisory updated
2026-06-22

Who should care

Administrators and users of MySQL Shell versions 8.4.0-8.4.9 and 9.0.0-9.7.0 should be aware of this vulnerability and take necessary precautions. This includes applying security patches, restricting network access, and monitoring logs for suspicious activity.

Technical summary

The vulnerability, CVE-2026-46869, is an easily exploitable vulnerability in MySQL Shell's Dump and Load component. It allows an unauthenticated attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data. The CVSS 3.1 Base Score is 6.5, with a Confidentiality impact.

Defensive priority

Medium

Recommended defensive actions

  • Apply the latest security patches for MySQL Shell
  • Restrict network access to MySQL Shell
  • Monitor MySQL Shell logs for suspicious activity
  • Implement additional security measures, such as multi-factor authentication
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-06-17T10:54:04.593Z and was last modified on 2026-06-22T15:27:31.453Z. The NVD entry is currently Analyzed. This information is based on the provided source corpus and may not reflect the full scope of the vulnerability. Further verification is recommended.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:04.593Z and has not been modified since then. The NVD entry is currently Analyzed.