PT-2026-3715 · Oracle+3 · Oracle Mysql+3

Anton Fedorov · Published 2026-01-20 · Updated 2026-04-02 · CVE-2026-21968

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Oracle MySQL versions 8.0.0 through 8.0.44
Oracle MySQL versions 8.4.0 through 8.4.7
Oracle MySQL versions 9.0.0 through 9.5.0

Description

An issue exists in the Server: Optimizer component of Oracle MySQL Server. The problem is related to insufficient input validation. A remote attacker can trigger a denial-of-service (DoS) condition, potentially causing a hang or frequent crashes of the MySQL Server. The vulnerability is easily exploitable and requires network access via multiple protocols. An attacker with low privileges can compromise the server.

Recommendations

Oracle MySQL versions 8.0.0 through 8.0.44: Update to a later version.
Oracle MySQL versions 8.4.0 through 8.4.7: Update to a later version.
Oracle MySQL versions 9.0.0 through 9.5.0: Update to a later version.

Fix

RCE

Weakness Enumeration

Related Identifiers

ALSA-2026:4162
ALSA-2026:4828
ALSA-2026:5580
ALSA-2026:5640
ALSA-2026:6391
ALSA-2026:6435
AZL-74943
AZL-75011
BDU:2026-00702
CVE-2026-21968
ECHO-17B7-25F0-56D7
OESA-2026-1196
RHSA-2026:0136
RHSA-2026:0247
RHSA-2026:0334
RHSA-2026:0335
RHSA-2026:0376
RHSA-2026:4162
RHSA-2026:4828
RHSA-2026:5580
RHSA-2026:5640
RHSA-2026:6391
RHSA-2026:6435
USN-7994-1
USN-8006-1

Affected Products

Linuxmint
Mysql Server
Oracle Mysql
Ubuntu