PT-2026-3687 · Oracle+3 · Oracle Mysql+3

Published 2026-01-20 · Updated 2026-04-01 · CVE-2026-21937

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Oracle MySQL versions 8.0.0 through 8.0.44
Oracle MySQL versions 8.4.0 through 8.4.7
Oracle MySQL versions 9.0.0 through 9.5.0

Description

A flaw exists in the Server: DDL component of Oracle MySQL Server that allows a high-privileged attacker with network access, through multiple protocols, to cause a denial-of-service condition. Successful exploitation can lead to a hang or frequent crashes of the MySQL Server.

Recommendations

Oracle MySQL versions 8.0.0 through 8.0.44 should be updated.
Oracle MySQL versions 8.4.0 through 8.4.7 should be updated.
Oracle MySQL versions 9.0.0 through 9.5.0 should be updated.

Fix

RCE

Weakness Enumeration

Related Identifiers

ALSA-2026:4162
ALSA-2026:4828
ALSA-2026:5580
ALSA-2026:5640
ALSA-2026:6391
AZL-74955
AZL-74999
BDU:2026-00678
CVE-2026-21937
OESA-2026-1196
RHSA-2026:4162
RHSA-2026:4828
RHSA-2026:5580
RHSA-2026:5640
RHSA-2026:6391
USN-7994-1
USN-8006-1

Affected Products

Linuxmint
Mysql Server
Oracle Mysql
Ubuntu