PT-2026-3715 · Oracle+3 · Oracle Mysql+3

Anton Fedorov · Published 2026-01-20 · Updated 2026-04-02 · CVE-2026-21968

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Oracle MySQL versions 8.0.0 through 8.0.44
Oracle MySQL versions 8.4.0 through 8.4.7
Oracle MySQL versions 9.0.0 through 9.5.0

Description

An issue exists in the Server: Optimizer component of Oracle MySQL Server. The problem is related to insufficient input validation. A remote attacker can trigger a denial-of-service (DoS) condition, potentially causing a hang or frequent crashes of the MySQL Server. The vulnerability is easily exploitable and requires network access via multiple protocols. An attacker with low privileges can compromise the server.

Recommendations

Oracle MySQL versions 8.0.0 through 8.0.44: Update to a later version.
Oracle MySQL versions 8.4.0 through 8.4.7: Update to a later version.
Oracle MySQL versions 9.0.0 through 9.5.0: Update to a later version.

Fix

RCE

Weakness Enumeration

Related identifiers

ALSA-2026:4162
ALSA-2026:4828
ALSA-2026:5580
ALSA-2026:5640
ALSA-2026:6391
ALSA-2026:6435
AZL-74943
AZL-75011
BDU:2026-00702
CVE-2026-21968
ECHO-17B7-25F0-56D7
OESA-2026-1196
RHSA-2026:0136
RHSA-2026:0247
RHSA-2026:0334
RHSA-2026:0335
RHSA-2026:0376
RHSA-2026:4162
RHSA-2026:4828
RHSA-2026:5580
RHSA-2026:5640
RHSA-2026:6391
RHSA-2026:6435
USN-7994-1
USN-8006-1

Affected products

Linuxmint
Mysql Server
Oracle Mysql
Ubuntu