CVE-2026-21964

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Oracle MySQL versions 8.0.0 through 8.0.44 Oracle MySQL versions 8.4.0 through 8.4.7 Oracle MySQL versions 9.0.0 through 9.5.0

Description An issue exists in the Server: Thread Pooling component of Oracle MySQL that allows a high-privileged attacker with network access to cause a denial-of-service (complete hang or frequent crash) condition. The issue is easily exploitable via multiple protocols.

Recommendations Update Oracle MySQL to a version later than 8.0.44 Update Oracle MySQL to a version later than 8.4.7 Update Oracle MySQL to a version later than 9.5.0

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2026:4162

ALSA-2026:4828

ALSA-2026:5580

ALSA-2026:5640

ALSA-2026:6391

AZL-74949

AZL-75008

BDU:2026-00699

CVE-2026-21964

OESA-2026-1196

RHSA-2026:4162

RHSA-2026:4828

RHSA-2026:5580

RHSA-2026:5640

RHSA-2026:6391

USN-7994-1

USN-8006-1

Affected Products

Linuxmint

Mysql Server

Oracle Mysql

Ubuntu

CVE-2026-21964

Weakness Enumeration

Related Identifiers

Affected Products

References · 68