MySQL Server Vulnerability in Oracle Software
CVE-2026-22001

2.7LOW

Key Information:

Vendor: Oracle
Status: Mysql Server
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-22001?

A vulnerability has been identified in Oracle's MySQL Server that allows an attacker with high privileges and network access to compromise the system. This flaw exists in specific versions of the MySQL Server where unauthorized access to sensitive data can be achieved. The vulnerability presents severe security implications as it could permit unauthorized read access to certain data within MySQL databases. It is critical for users of affected MySQL Server versions to implement appropriate security measures to mitigate potential risks.

Affected Version(s)

MySQL Server 8.0.0 <= 8.0.45

MySQL Server 8.4.0 <= 8.4.8

MySQL Server 9.0.0 <= 9.6.0

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Jan 5, 2026

CVE-2026-22001 Data

JSON