CVE-2026-21950
- Source
- https://cve.org/CVERecord?id=CVE-2026-21950
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-21950.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-21950
- Downstream
- Published
- 2026-01-20T22:15:57.993Z
- Modified
- 2026-02-20T07:44:23.304302Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
- References
Affected packages
Git / github.com/mysql/mysql-server
Affected versions
mysql-8.*
mysql-8.0.38
mysql-8.0.39
mysql-8.0.40
mysql-8.0.41
mysql-8.0.42
mysql-8.0.43
mysql-8.4.1
mysql-8.4.2
mysql-8.4.3
mysql-8.4.4
mysql-8.4.5
mysql-8.4.6
mysql-9.*
mysql-9.0.0
mysql-9.0.1
mysql-9.1.0
mysql-9.2.0
mysql-9.3.0
mysql-9.4.0
mysql-9.5.0
mysql-cluster-7.*
mysql-cluster-7.5.35
mysql-cluster-7.5.36
mysql-cluster-7.6.31
mysql-cluster-7.6.32
mysql-cluster-7.6.33
mysql-cluster-7.6.34
mysql-cluster-7.6.35
mysql-cluster-8.*
mysql-cluster-8.0.38
mysql-cluster-8.0.39
mysql-cluster-8.0.40
mysql-cluster-8.0.41
mysql-cluster-8.0.42
mysql-cluster-8.0.43
mysql-cluster-8.4.1
mysql-cluster-8.4.2
mysql-cluster-8.4.3
mysql-cluster-8.4.4
mysql-cluster-8.4.5
mysql-cluster-8.4.6
mysql-cluster-9.*
mysql-cluster-9.0.0
mysql-cluster-9.0.1
mysql-cluster-9.1.0
mysql-cluster-9.2.0
mysql-cluster-9.3.0
mysql-cluster-9.4.0
mysql-cluster-9.5.0