Vulnerability in MySQL Server by Oracle Exposes Data to Low Privileged Attackers
CVE-2026-22015

4.3MEDIUM

Key Information:

Vendor: Oracle
Status: Mysql Server
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-22015?

A vulnerability exists in the MySQL Server product of Oracle MySQL, specifically within the Information Schema component. This issue affects several supported versions, making it susceptible to exploitation through network access by low privileged attackers using multiple protocols. If exploited, this vulnerability can lead to unauthorized read access to a subset of data within the MySQL Server, potentially compromising sensitive information. Users are encouraged to apply the recommended patches to secure their databases and protect against potential data breaches.

Affected Version(s)

MySQL Server 8.0.0 <= 8.0.45

MySQL Server 8.4.0 <= 8.4.8

MySQL Server 9.0.0 <= 9.6.0

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Jan 5, 2026

CVE-2026-22015 Data

JSON