Vulnerability in MySQL Shell for Oracle MySQL Revealed
CVE-2026-46870

8.5HIGH

Key Information:

Vendor

Oracle

Vendor
CVE Published:
16 June 2026

What is CVE-2026-46870?

A vulnerability exists in MySQL Shell, an integral component of Oracle MySQL, which allows a low-privileged attacker with network access to exploit the shell through various protocols. Targeting the specific version 2026.2.0+9.6.1, this flaw may facilitate unauthorized control over the MySQL Shell interface. Although the vulnerability directly affects the MySQL Shell, its impact extends to potentially compromising additional associated products, raising significant security concerns. Successful exploitation could lead to complete takeover of the MySQL Shell, undermining the confidentiality, integrity, and availability of affected systems. For further information, refer to the Oracle Advisory.

Affected Version(s)

MySQL Shell 2026.2.0+9.6.1

References

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.