CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

NCSC-2026-0205 [1.00] [M/H] Vulnerabilities fixed in Oracle MySQL products

unknownCVE-2026-46850CVE-2026-46860CVE-2026-46861CVE-2026-46862CVE-2026-46863CVE-2026-46869
Oracle has fixed vulnerabilities in Oracle MySQL Shell for VS Code, MySQL Router, MySQL NDB Cluster, and MySQL Server. The vulnerabilities are present in various Oracle MySQL products and versions. In MySQL Shell for VS Code (version 2026.2.0+9.6.1), attackers with low privileges and network access via HTTP or user-interactive network access can gain full control over the MySQL Shell or unauthorized access to critical data. In MySQL Router (versions 8.4.0 to 8.4.9 and 9.0.0 to 9.7.0), unauthenticated attackers can achieve full device takeover or cause a denial-of-service by crashing or hanging the system via HTTP or TLS. MySQL NDB Cluster (versions 8.0.11 to 8.0.46, 8.4.0 to 8.4.9, and 9.0.0 to 9.7.0) contains a vulnerability that allows an attacker with low privileges and network access via HTTP to create, delete, or modify unauthorized critical data. MySQL Server and MySQL Cluster contain a vulnerability that allows an unauthenticated network attacker to cause a denial-of-service by crashing or hanging the server. The vulnerabilities have various CVSS 3.1 base scores ranging from 6.5 to 9.9, depending on the product and the nature of the vulnerability.

CSIRTS triage

What
Vulnerabilities in various MySQL products could allow attackers to gain unauthorized access or cause denial-of-service.
Who is affected
Users of Oracle MySQL products with network access.
Urgency
Remediation is critical due to the potential for unauthorized access and system disruption.
Action
Users should apply the updates provided by Oracle.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch MySQL

Get an email when a new MySQL advisory drops — max one per day, one-click unsubscribe.

Details

Source
NCSC-NL Advisories (NL · national-cert · site)
Severity
unknown
Published
2026-06-17
Exploitation
Not in CISA KEV at last sync
Language
Machine-translated to English — verify against the original

Original advisory: https://advisories.ncsc.nl/advisory?id=NCSC-2026-0205

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-46850coverage & exploitation statusNVD · CVE.org
CVE-2026-46860coverage & exploitation statusNVD · CVE.org
CVE-2026-46861coverage & exploitation statusNVD · CVE.org
CVE-2026-46862coverage & exploitation statusNVD · CVE.org
CVE-2026-46863coverage & exploitation statusNVD · CVE.org
CVE-2026-46869coverage & exploitation statusNVD · CVE.org
CVE-2026-46870coverage & exploitation statusNVD · CVE.org
CVE-2026-46871coverage & exploitation statusNVD · CVE.org

More from NCSC-NL Advisories