Network Vulnerability in MySQL Server by Oracle
CVE-2026-22009

6.5MEDIUM

Key Information:

Vendor: Oracle
Status: Mysql Server
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-22009?

A flaw in Oracle's MySQL Server product allows a low-privileged attacker with network access to exploit the server via multiple protocols. This vulnerability can lead to service disruptions, including frequent crashes or complete denial of service, affecting the availability of MySQL Server. The vulnerable versions include 8.0.0 to 8.0.45, 8.4.0 to 8.4.8, and 9.0.0 to 9.6.0, raising significant security concerns for users reliant on these deployments.

Affected Version(s)

MySQL Server 8.0.0 <= 8.0.45

MySQL Server 8.4.0 <= 8.4.8

MySQL Server 9.0.0 <= 9.6.0

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Jan 5, 2026

CVE-2026-22009 Data

JSON