PT-2026-3691 · Oracle+3 · Oracle Mysql+3

Published 2026-01-20 · Updated 2026-04-01 · CVE-2026-21941

CVSS v2.0: 6.8 Medium

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Oracle MySQL versions 8.0.0 through 8.0.44
Oracle MySQL versions 8.4.0 through 8.4.7
Oracle MySQL versions 9.0.0 through 9.5.0

Description

An issue exists in the Server: Optimizer component of Oracle MySQL Server that allows a high-privileged attacker with network access to cause a denial-of-service (DoS) condition, resulting in a hang or frequent crashes of the MySQL Server. The vulnerability is easily exploitable through multiple network protocols.

Recommendations

Oracle MySQL versions 8.0.0 through 8.0.44 should be updated. Oracle MySQL versions 8.4.0 through 8.4.7 should be updated. Oracle MySQL versions 9.0.0 through 9.5.0 should be updated.

Fix

DoS

RCE

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2026:4162
ALSA-2026:4828
ALSA-2026:5580
ALSA-2026:5640
ALSA-2026:6391
AZL-74946
AZL-75002
BDU:2026-00691
CVE-2026-21941
OESA-2026-1196
RHSA-2026:4162
RHSA-2026:4828
RHSA-2026:5580
RHSA-2026:5640
RHSA-2026:6391
USN-7994-1
USN-8006-1

Affected Products

Linuxmint
Mysql Server
Oracle Mysql
Ubuntu