Skip to main content

Mysql Ndb Cluster

1 CVEs product

Monthly

CVE-2026-46861 CRITICAL Act Now

Cross-component compromise in Oracle MySQL NDB Cluster (versions 8.0.11-8.0.46, 8.4.0-8.4.9, and 9.0.0-9.7.0) allows a low-privileged remote attacker with HTTP access to the NDB Operator component to read, modify, create, or delete all data accessible to the cluster. The scope-changed nature (S:C) means successful attacks reach beyond the NDB Cluster boundary into adjacent products. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Oracle's CVSS 9.6 rating and 'easily exploitable' characterization make this a high-priority patch.

Authentication Bypass Oracle Mysql Ndb Cluster
NVD VulDB
CVSS 3.1
9.6
EPSS
0.4%
EPSS 0% CVSS 9.6
CRITICAL Act Now

Cross-component compromise in Oracle MySQL NDB Cluster (versions 8.0.11-8.0.46, 8.4.0-8.4.9, and 9.0.0-9.7.0) allows a low-privileged remote attacker with HTTP access to the NDB Operator component to read, modify, create, or delete all data accessible to the cluster. The scope-changed nature (S:C) means successful attacks reach beyond the NDB Cluster boundary into adjacent products. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Oracle's CVSS 9.6 rating and 'easily exploitable' characterization make this a high-priority patch.

Authentication Bypass Oracle Mysql Ndb Cluster
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy