Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Oracle states HTTP-reachable, unauthenticated, easily exploitable takeover of the Router process, justifying AV:N/AC:L/PR:N/UI:N and C:H/I:H/A:H within the Router's own scope.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Vulnerability in the MySQL Router product of Oracle MySQL (component: Router: General). Supported versions that are affected are 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MySQL Router. Successful attacks of this vulnerability can result in takeover of MySQL Router. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
AnalysisAI
Remote takeover of Oracle MySQL Router 9.0.0 through 9.7.0 is possible by unauthenticated attackers reaching the Router over HTTP, per Oracle's Critical Patch Update advisory (CPU June 2026). Oracle scores this 9.8 CVSS 3.1 with full confidentiality, integrity, and availability impact, and rates exploitation as easy. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The MySQL Router HTTP listener (the http_server / REST API surface) must be reachable from the attacker over the network, and the Router must be running an affected 9.0.0-9.7.0 release; no authentication, no user interaction, and no special non-default configuration are required per CVSS PR:N/UI:N/AC:L. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | All available signals point in the same direction: Oracle's CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H gives network reach, low complexity, no privileges, and no user interaction, with full CIA impact - meaning a single HTTP request from anywhere the Router's HTTP port is reachable can fully compromise the Router process. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network reach to a MySQL Router instance sends a crafted HTTP request to the Router's HTTP listener and, without authenticating, gains control of the Router process - pivoting to intercept, redirect, or manipulate traffic flowing to the backing MySQL InnoDB Cluster. No public exploit is identified at time of analysis, but Oracle's 'easily exploitable' wording and the AV:N/AC:L/PR:N/UI:N vector imply a single-request exploitation pattern that is straightforward to weaponize once technical details surface. |
| Remediation | Apply the fix from Oracle's June 2026 Critical Patch Update (https://www.oracle.com/security-alerts/cspujun2026.html); the input does not enumerate an exact fixed version, so this should be recorded as 'Patch available per vendor advisory' and the precise post-9.7.0 fixed release confirmed directly from the CPU matrix before deployment. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all systems running MySQL Router 9.0.0-9.7.0; immediately restrict HTTP access using network firewalls and WAF policies to trusted networks only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Mysql Router
View allSame weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37353