PatchSiren cyber security CVE debrief
CVE-2026-46869 Oracle Corporation CVE debrief
A vulnerability was discovered in MySQL Shell, a component of Oracle MySQL. The vulnerability allows an unauthenticated attacker with network access to compromise MySQL Shell, potentially leading to unauthorized access to critical data. This issue affects MySQL Shell versions 8.4.0-8.4.9 and 9.0.0-9.7.0. The vulnerability has a CVSS 3.1 Base Score of 6.5, indicating a medium severity level.
- Vendor
- Oracle Corporation
- Product
- MySQL Shell
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-22
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-22
Who should care
Administrators and users of MySQL Shell versions 8.4.0-8.4.9 and 9.0.0-9.7.0 should be aware of this vulnerability and take necessary precautions. This includes applying security patches, restricting network access, and monitoring logs for suspicious activity.
Technical summary
The vulnerability, CVE-2026-46869, is an easily exploitable vulnerability in MySQL Shell's Dump and Load component. It allows an unauthenticated attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker and can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data. The CVSS 3.1 Base Score is 6.5, with a Confidentiality impact.
Defensive priority
Medium
Recommended defensive actions
- Apply the latest security patches for MySQL Shell
- Restrict network access to MySQL Shell
- Monitor MySQL Shell logs for suspicious activity
- Implement additional security measures, such as multi-factor authentication
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-06-17T10:54:04.593Z and was last modified on 2026-06-22T15:27:31.453Z. The NVD entry is currently Analyzed. This information is based on the provided source corpus and may not reflect the full scope of the vulnerability. Further verification is recommended.
Official resources
-
CVE-2026-46869 CVE record
CVE.org
-
CVE-2026-46869 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:04.593Z and has not been modified since then. The NVD entry is currently Analyzed.