PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46871 Oracle Corporation CVE debrief

A vulnerability was found in MySQL Shell for VS Code, affecting version 2026.2.0+9.6.1. This medium-severity issue, scored 6.5, allows low-privileged attackers with network access to compromise MySQL Shell and access critical data. The vulnerability is easily exploitable and can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data. The CVSS 3.1 Base Score is 6.5 (Confidentiality impacts), with the vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. Users of MySQL Shell for VS Code, especially those with low-privileged network access, should be aware of this vulnerability and take necessary precautions.

Vendor
Oracle Corporation
Product
MySQL Shell
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-22
Advisory published
2026-06-17
Advisory updated
2026-06-22

Who should care

Users of MySQL Shell for VS Code, especially those with low-privileged network access, should be aware of this vulnerability and take necessary precautions to prevent exploitation. This includes applying vendor patches or updates to MySQL Shell for VS Code and restricting network access to only necessary users. Additionally, monitoring MySQL Shell for VS Code for signs of exploitation is recommended.

Technical summary

The vulnerability in MySQL Shell for VS Code (component: Shell for VS Code) allows low-privileged attackers with network access via multiple protocols to compromise MySQL Shell. Successful attacks can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data. The CVSS 3.1 Base Score is 6.5 (Confidentiality impacts), with the vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability affects MySQL Shell for VS Code, specifically version 2026.2.0+9.6.1.

Defensive priority

Apply vendor patches or updates to MySQL Shell for VS Code to prevent exploitation. Restrict network access to MySQL Shell for VS Code to only necessary users and monitor for signs of exploitation.

Recommended defensive actions

  • Apply the vendor patch or update to MySQL Shell for VS Code.
  • Restrict network access to MySQL Shell for VS Code to only necessary users.
  • Monitor MySQL Shell for VS Code for signs of exploitation.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Evidence notes

The CVE record was published on 2026-06-17T10:54:04.800Z and was last modified on 2026-06-22T15:09:51.423Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects MySQL Shell for VS Code, specifically version 2026.2.0+9.6.1. The CVE record and NVD entry provide additional context and details about the vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:04.800Z and has not been modified since then. The NVD entry is currently Analyzed.