
MySQL CVE-2026-21968

Severity: MEDIUM, 6.5 (CVSS 3.1 · NVD)
Published: 2026-01-20
Source: secalert_us@oracle.com

Severity by source

NVD (primary): 6.5 MEDIUM, AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE: MEDIUM (qualitative)
Red Hat: 6.5 MEDIUM (qualitative)

Primary rating from NVD.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Patch released: Apr 09, 2026 - 14:30 (nvd), patch available
Analysis Generated: Mar 12, 2026 - 21:54 (vuln.today)
CVE Published: Jan 20, 2026 - 22:15 (nvd), MEDIUM 6.5

Description (CVE.org)

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Analysis (AI)

MySQL Server contains a vulnerability that gives attackers the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) (CVSS 6.5).

Vulnerability Assessment (AI)

Risk Assessment: CVSS 6.5 (MEDIUM). …
Exploit Scenario: A remote attacker without authentication could exploit this vulnerability to gain the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS).
Remediation: Monitor vendor advisories for a patch. …

Recommended Action (AI)

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

More in MySQL

CVE-2026-24479 CRITICAL POC
9.8 Jan 27

HUSTOJ online judge has a path traversal vulnerability enabling arbitrary file access on the competition server.

CVE-2026-27005 CRITICAL POC
9.8 Mar 06

SQL injection in Chartbrew before 4.8.3. PoC available.

CVE-2026-26988 CRITICAL POC
9.1 Feb 20

SQL injection in LibreNMS 25.12.0 and below. PoC and patch available.

CVE-2026-23873 CRITICAL POC
9.0 Jan 22

HUSTOJ online judge system has a CSV injection vulnerability in all versions that allows code execution through crafted

CVE-2020-37116 HIGH POC
8.8 Feb 03

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the

CVE-2026-26990 HIGH POC
8.8 Feb 20

SQL injection in LibreNMS versions 25.12.0 and below allows authenticated users to extract sensitive database informatio

CVE-2021-47761 HIGH POC
7.8 Jan 15

MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service ex

CVE-2021-47752 HIGH POC
7.5 Jan 15

Awebserver versions up to 18 is affected by allocation of resources without limits or throttling (CVSS 7.5).

CVE-2026-21856 HIGH POC
7.2 Jan 07

The Tarkov Data Manager is a tool to manage the Tarkov item data. [CVSS 7.2 HIGH]

CVE-2026-26987 MEDIUM POC
6.1 Feb 20

Reflected cross-site scripting in LibreNMS versions 25.12.0 and earlier allows unauthenticated remote attackers to injec

CVE-2026-27965 CRITICAL
9.9 Feb 26

Command injection in Vitess MySQL clustering system before 23.0.3/22.0.4. Users with read/write access to the backup sto

CVE-2026-26186 HIGH
8.8 Feb 26

SQL injection in Fleet device management software before version 4.80.1 allows authenticated users to manipulate the ord

Vendor Status

SUSE

Severity: Medium
Product status:
SUSE Liberty Linux 8: Fixed
SUSE Liberty Linux 9: Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7: Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7: Fixed
SUSE Linux Enterprise Module for Server Applications 15 SP7: Fixed

CVE-2026-21968 vulnerability details – vuln.today