Skip to main content

Mysql Shell

5 CVEs product

Monthly

CVE-2026-46871 MEDIUM This Month

Unauthorized data disclosure in Oracle MySQL Shell's VS Code extension component (version 2026.2.0+9.6.1) allows a low-privileged network attacker to gain complete read access to all data accessible through MySQL Shell. The vulnerability, tagged as Authentication Bypass by ENISA intelligence (EUVD-2026-37364), exploits insufficient authorization controls within the Shell for VS Code component, granting data-tier access without requiring user interaction or elevated privileges beyond an initial low-level credential. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Authentication Bypass Oracle Mysql Shell
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2026-46870 HIGH This Week

Takeover of Oracle MySQL Shell is possible against the Shell for VS Code component in version 2026.2.0+9.6.1, where a low-privileged remote attacker can compromise the Shell with a scope-changing impact on additional products. The 8.5 CVSS score reflects full confidentiality, integrity, and availability impact, though high attack complexity tempers practical exploitability. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Oracle Mysql Shell Authentication Bypass
NVD VulDB
CVSS 3.1
8.5
EPSS
0.3%
CVE-2026-46869 MEDIUM This Month

Unauthorized access to critical data is achievable in Oracle MySQL Shell's Dump and Load component, affecting versions 8.4.0-8.4.9 and 9.0.0-9.7.0. An unauthenticated network attacker can exploit this across multiple protocols, but requires a victim user to interact - likely by connecting to or loading a dump from a malicious source. The attack yields complete read access to all MySQL Shell-accessible data with no integrity or availability side effects. No public exploit has been identified at time of analysis, and this vulnerability is not currently listed in the CISA KEV catalog.

Authentication Bypass Oracle Mysql Shell CSRF
NVD VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2026-46850 CRITICAL Act Now

Privilege escalation and full takeover of Oracle MySQL Shell's VS Code extension affects version 2026.2.0+9.6.1, allowing a low-privileged remote attacker with HTTP network access to fully compromise the Shell with confidentiality, integrity, and availability impact. Because the CVSS vector indicates a scope change (S:C), successful exploitation propagates impact beyond the Shell itself into adjacent components the extension connects to, such as MySQL servers managed through the VS Code workflow. No public exploit identified at time of analysis, but the 9.9 base score and 'easily exploitable' wording from Oracle warrant urgent remediation.

Oracle Mysql Shell Code Injection RCE
NVD VulDB
CVSS 3.1
9.9
EPSS
0.4%
CVE-2022-21535 LOW PATCH Monitor

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: General/Core Client). Rated low severity (CVSS 2.5), this vulnerability is no authentication required.

Oracle Denial Of Service Mysql Shell
NVD VulDB
CVSS 3.1
2.5
EPSS
0.5%
EPSS 0% CVSS 6.5
MEDIUM This Month

Unauthorized data disclosure in Oracle MySQL Shell's VS Code extension component (version 2026.2.0+9.6.1) allows a low-privileged network attacker to gain complete read access to all data accessible through MySQL Shell. The vulnerability, tagged as Authentication Bypass by ENISA intelligence (EUVD-2026-37364), exploits insufficient authorization controls within the Shell for VS Code component, granting data-tier access without requiring user interaction or elevated privileges beyond an initial low-level credential. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Authentication Bypass Oracle Mysql Shell
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

Takeover of Oracle MySQL Shell is possible against the Shell for VS Code component in version 2026.2.0+9.6.1, where a low-privileged remote attacker can compromise the Shell with a scope-changing impact on additional products. The 8.5 CVSS score reflects full confidentiality, integrity, and availability impact, though high attack complexity tempers practical exploitability. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Oracle Mysql Shell Authentication Bypass
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Unauthorized access to critical data is achievable in Oracle MySQL Shell's Dump and Load component, affecting versions 8.4.0-8.4.9 and 9.0.0-9.7.0. An unauthenticated network attacker can exploit this across multiple protocols, but requires a victim user to interact - likely by connecting to or loading a dump from a malicious source. The attack yields complete read access to all MySQL Shell-accessible data with no integrity or availability side effects. No public exploit has been identified at time of analysis, and this vulnerability is not currently listed in the CISA KEV catalog.

Authentication Bypass Oracle Mysql Shell +1
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

Privilege escalation and full takeover of Oracle MySQL Shell's VS Code extension affects version 2026.2.0+9.6.1, allowing a low-privileged remote attacker with HTTP network access to fully compromise the Shell with confidentiality, integrity, and availability impact. Because the CVSS vector indicates a scope change (S:C), successful exploitation propagates impact beyond the Shell itself into adjacent components the extension connects to, such as MySQL servers managed through the VS Code workflow. No public exploit identified at time of analysis, but the 9.9 base score and 'easily exploitable' wording from Oracle warrant urgent remediation.

Oracle Mysql Shell Code Injection +1
NVD VulDB
EPSS 0% CVSS 2.5
LOW PATCH Monitor

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: General/Core Client). Rated low severity (CVSS 2.5), this vulnerability is no authentication required.

Oracle Denial Of Service Mysql Shell
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy