Vulnerability in MySQL Server by Oracle Affecting Optimizer Component
CVE-2026-34278

4.9MEDIUM

Key Information:

Vendor: Oracle
Status: Mysql Server
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-34278?

A vulnerability exists in the Optimizer component of MySQL Server 8.0.0 to 8.0.45 by Oracle, allowing a malicious actor with high privileges and network access to exploit the server through multiple protocols. This could lead to unauthorized interruptions or a complete denial of service, potentially causing the server to hang or crash repeatedly. Organizations using affected MySQL versions are urged to apply the latest patches to mitigate risks and ensure operational stability.

Affected Version(s)

MySQL Server 8.0.0 <= 8.0.45

References

https://www.oracle.com/security-alerts/cpuapr2026.html

vendor-advisory

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Mar 26, 2026

CVE-2026-34278 Data

JSON