CVE-2026-27965
Product: Vitess (MySQL clustering)
Severity: CRITICAL
Severity by source: GitHub Advisory (primary rating)
CVSS 3.1 vector (GitHub Advisory): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Description (GitHub Advisory)
Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location (e.g. an S3 bucket) can manipulate backup manifest files so that arbitrary code is executed when that backup is later restored. An attacker can use this to gain unintended, unauthorized access to the production deployment environment, read the information available there, and run further arbitrary commands. Versions 23.0.3 and 22.0.4 contain a patch. Workarounds are available. Operators who intend to use an external decompressor can always specify that decompressor command in the --external-decompressor flag value for vttablet and vtbackup; that value overrides whatever the manifest file specifies. Operators who intend to use neither an external decompressor nor an internal one can set --external-decompressor to a harmless pass-through command such as cat or tee for vttablet and vtbackup, so that a harmless command is always used. Because the override is per process, the flag must be set on every vttablet and vtbackup instance that can perform a restore; any instance without it still takes the command from the manifest.
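The following Go program, added here as an illustration and not taken from the Vitess code base, models the two behaviours the advisory contrasts: a restore that trusts a decompressor command found in the manifest, and the workaround where a non-empty --external-decompressor value always wins. It also includes a small audit routine an operator could run over manifests pulled from the backup store to spot a tampered one. The manifest field names (BackupMethod, CompressionEngine, ExternalDecompressor), the two sample manifests and the metacharacter heuristic are assumptions for this example; Vitess's real manifest schema and restore path are not reproduced here.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Manifest holds the subset of backup-manifest fields this example cares about.
// The field names are an assumption for illustration, not Vitess's real schema.
type Manifest struct {
	BackupMethod         string `json:"BackupMethod"`
	CompressionEngine    string `json:"CompressionEngine"`
	ExternalDecompressor string `json:"ExternalDecompressor"`
}

// Constructed sample manifests (not real Vitess output). The second one is what
// an attacker with write access to the backup store might plant.
const BenignManifest = `{"BackupMethod":"builtin","CompressionEngine":"pgzip","ExternalDecompressor":""}`
const TamperedManifest = `{"BackupMethod":"builtin","CompressionEngine":"external","ExternalDecompressor":"sh -c 'id > /tmp/restore-pwned'"}`

// ParseManifest decodes a manifest read from the backup store.
func ParseManifest(data []byte) (Manifest, error) {
	var m Manifest
	if err := json.Unmarshal(data, &m); err != nil {
		return Manifest{}, fmt.Errorf("parse manifest: %w", err)
	}
	return m, nil
}

// ResolveDecompressor decides which command a restore would run.
// With an empty flag the manifest value is honoured, so whoever can write to the
// backup store chooses the command (the pre-patch exposure). Any non-empty flag
// value overrides the manifest, which is the advisory's workaround.
func ResolveDecompressor(flagValue string, m Manifest) (cmd string, source string) {
	if flagValue != "" {
		return flagValue, "flag"
	}
	if m.ExternalDecompressor != "" {
		return m.ExternalDecompressor, "manifest"
	}
	return "", "builtin"
}

// AuditManifest returns findings for a manifest whose decompressor differs from
// what the operator expects. expected is the command the deployment is known to
// use ("" when no external decompressor is in use).
func AuditManifest(m Manifest, expected string) []string {
	var findings []string
	d := m.ExternalDecompressor
	if d == "" {
		return findings
	}
	if d != expected {
		findings = append(findings, fmt.Sprintf("unexpected decompressor %q (expected %q)", d, expected))
	}
	// Heuristic only: a legitimate decompressor is a bare program plus options.
	if strings.ContainsAny(d, ";|&$`<>\n") {
		findings = append(findings, "decompressor contains shell metacharacters")
	}
	return findings
}

func main() {
	for _, raw := range []string{BenignManifest, TamperedManifest} {
		m, err := ParseManifest([]byte(raw))
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		for _, flagValue := range []string{"", "cat"} {
			cmd, src := ResolveDecompressor(flagValue, m)
			fmt.Printf("--external-decompressor=%q -> run %q (source: %s)\n", flagValue, cmd, src)
		}
		fmt.Println("audit findings:", AuditManifest(m, ""))
	}
}
```

Running it shows the tampered manifest's command being selected whenever the flag is empty and "cat" being selected whenever it is set; the audit flags the tampered manifest twice (unexpected command, shell metacharacters) and the benign one not at all.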
Analysis (AI)
Command injection in Vitess MySQL clustering system before 23.0.3/22.0.4. Users with read/write access to the backup store can achieve code execution. …
Vulnerability Assessment (AI)
| Exploitation | Read/write access to the backup storage location (e.g., an S3 bucket) where Vitess backups are stored, and a restore of the manipulated backup must be performed on the target Vitess deployment. |
| Risk Assessment | CVSS 9.9 with scope change. … |
| Exploit Scenario | An attacker with backup store access injects a command through the backup manifest; it is executed by the process performing the restore (vttablet or vtbackup), giving the attacker a foothold in the production deployment environment. |
| Remediation | Update Vitess to 23.0.3 or 22.0.4. Workaround: set --external-decompressor on every vttablet and vtbackup instance, either to the intended decompressor or to a harmless pass-through such as cat or tee. |
Recommended Action (AI)
Within 24 hours: Audit all backup storage locations and verify access controls are properly restricted. …
Weakness: CWE-78 OS Command Injection
Vendor status: SUSE, severity Critical
GitHub Advisory: GHSA-8g8j-r87h-p36x