PatchSiren cyber security CVE debrief
CVE-2026-46871 Oracle Corporation CVE debrief
A vulnerability was found in MySQL Shell for VS Code, affecting version 2026.2.0+9.6.1. This medium-severity issue, scored 6.5, allows low-privileged attackers with network access to compromise MySQL Shell and access critical data. The vulnerability is easily exploitable and can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data. The CVSS 3.1 Base Score is 6.5 (Confidentiality impacts), with the vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. Users of MySQL Shell for VS Code, especially those with low-privileged network access, should be aware of this vulnerability and take necessary precautions.
- Vendor
- Oracle Corporation
- Product
- MySQL Shell
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-22
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-22
Who should care
Users of MySQL Shell for VS Code, especially those with low-privileged network access, should be aware of this vulnerability and take necessary precautions to prevent exploitation. This includes applying vendor patches or updates to MySQL Shell for VS Code and restricting network access to only necessary users. Additionally, monitoring MySQL Shell for VS Code for signs of exploitation is recommended.
Technical summary
The vulnerability in MySQL Shell for VS Code (component: Shell for VS Code) allows low-privileged attackers with network access via multiple protocols to compromise MySQL Shell. Successful attacks can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data. The CVSS 3.1 Base Score is 6.5 (Confidentiality impacts), with the vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability affects MySQL Shell for VS Code, specifically version 2026.2.0+9.6.1.
Defensive priority
Apply vendor patches or updates to MySQL Shell for VS Code to prevent exploitation. Restrict network access to MySQL Shell for VS Code to only necessary users and monitor for signs of exploitation.
Recommended defensive actions
- Apply the vendor patch or update to MySQL Shell for VS Code.
- Restrict network access to MySQL Shell for VS Code to only necessary users.
- Monitor MySQL Shell for VS Code for signs of exploitation.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
The CVE record was published on 2026-06-17T10:54:04.800Z and was last modified on 2026-06-22T15:09:51.423Z. The NVD entry is currently Analyzed. This information is based on the NVD entry and the CVE record. The vulnerability affects MySQL Shell for VS Code, specifically version 2026.2.0+9.6.1. The CVE record and NVD entry provide additional context and details about the vulnerability.
Official resources
-
CVE-2026-46871 CVE record
CVE.org
-
CVE-2026-46871 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:04.800Z and has not been modified since then. The NVD entry is currently Analyzed.