USN-8457-1
- Source
- https://ubuntu.com/security/notices/USN-8457-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8457-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-8457-1
- Upstream
- Related
- Published
- 2026-06-22T13:11:43Z
- Modified
- 2026-06-22T20:19:14.923677939Z
- Summary
- mysql-8.0, mysql-8.4 vulnerabilities
- Details
-
It was discovered that MySQL Router incorrectly handled repeated TLS protocol upgrade requests. An unauthenticated remote attacker could possibly use this issue to cause MySQL Router to crash, resulting in a denial of service. (CVE-2026-46862)
It was discovered that MySQL Server incorrectly handled connection authentication. An unauthenticated remote attacker could possibly use this issue to cause MySQL to crash, resulting in a denial of service. (CVE-2026-46863)
- References
Affected packages
Ubuntu:22.04:LTS / mysql-8.0
Package
- Name
- mysql-8.0
- Purl
- pkg:deb/ubuntu/mysql-8.0?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.0.46-0ubuntu0.22.04.3
Affected versions
8.*
8.0.26-0ubuntu1
8.0.27-0ubuntu0.21.10.1
8.0.28-0ubuntu3
8.0.28-0ubuntu4
8.0.29-0ubuntu0.22.04.1
8.0.29-0ubuntu0.22.04.2
8.0.29-0ubuntu0.22.04.3
8.0.30-0ubuntu0.22.04.1
8.0.31-0ubuntu0.22.04.1
8.0.32-0buntu0.22.04.1
8.0.32-0ubuntu0.22.04.2
8.0.33-0ubuntu0.22.04.1
8.0.33-0ubuntu0.22.04.2
8.0.33-0ubuntu0.22.04.4
8.0.34-0ubuntu0.22.04.1
8.0.35-0ubuntu0.22.04.1
8.0.36-0ubuntu0.22.04.1
8.0.37-0ubuntu0.22.04.3
8.0.39-0ubuntu0.22.04.1
8.0.40-0ubuntu0.22.04.1
8.0.41-0ubuntu0.22.04.1
8.0.42-0ubuntu0.22.04.1
8.0.42-0ubuntu0.22.04.2
8.0.43-0ubuntu0.22.04.1
8.0.43-0ubuntu0.22.04.2
8.0.44-0ubuntu0.22.04.1
8.0.44-0ubuntu0.22.04.2
8.0.45-0ubuntu0.22.04.1
8.0.46-0ubuntu0.22.04.2
Ecosystem specific
{
"binaries": [
{
"binary_name": "libmysqlclient21",
"binary_version": "8.0.46-0ubuntu0.22.04.3"
},
{
"binary_name": "mysql-client",
"binary_version": "8.0.46-0ubuntu0.22.04.3"
},
{
"binary_name": "mysql-client-8.0",
"binary_version": "8.0.46-0ubuntu0.22.04.3"
},
{
"binary_name": "mysql-client-core-8.0",
"binary_version": "8.0.46-0ubuntu0.22.04.3"
},
{
"binary_name": "mysql-router",
"binary_version": "8.0.46-0ubuntu0.22.04.3"
},
{
"binary_name": "mysql-server",
"binary_version": "8.0.46-0ubuntu0.22.04.3"
},
{
"binary_name": "mysql-server-8.0",
"binary_version": "8.0.46-0ubuntu0.22.04.3"
},
{
"binary_name": "mysql-server-core-8.0",
"binary_version": "8.0.46-0ubuntu0.22.04.3"
},
{
"binary_name": "mysql-source-8.0",
"binary_version": "8.0.46-0ubuntu0.22.04.3"
},
{
"binary_name": "mysql-testsuite",
"binary_version": "8.0.46-0ubuntu0.22.04.3"
},
{
"binary_name": "mysql-testsuite-8.0",
"binary_version": "8.0.46-0ubuntu0.22.04.3"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8457-1.json"
cves_map
{
"ecosystem": "Ubuntu:22.04:LTS",
"cves": [
{
"id": "CVE-2026-46862",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-46863",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}
Ubuntu:24.04:LTS / mysql-8.0
Package
- Name
- mysql-8.0
- Purl
- pkg:deb/ubuntu/mysql-8.0?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.0.46-0ubuntu0.24.04.3
Affected versions
8.*
8.0.34-1ubuntu1
8.0.35-1ubuntu1
8.0.35-1ubuntu2
8.0.36-1
8.0.36-2ubuntu1
8.0.36-2ubuntu2
8.0.36-2ubuntu3
8.0.37-0ubuntu0.24.04.1
8.0.39-0ubuntu0.24.04.1
8.0.39-0ubuntu0.24.04.2
8.0.40-0ubuntu0.24.04.1
8.0.41-0ubuntu0.24.04.1
8.0.42-0ubuntu0.24.04.1
8.0.42-0ubuntu0.24.04.2
8.0.43-0ubuntu0.24.04.1
8.0.43-0ubuntu0.24.04.2
8.0.44-0ubuntu0.24.04.1
8.0.44-0ubuntu0.24.04.2
8.0.45-0ubuntu0.24.04.1
8.0.46-0ubuntu0.24.04.2
Ecosystem specific
{
"binaries": [
{
"binary_name": "libmysqlclient21",
"binary_version": "8.0.46-0ubuntu0.24.04.3"
},
{
"binary_name": "mysql-client",
"binary_version": "8.0.46-0ubuntu0.24.04.3"
},
{
"binary_name": "mysql-client-8.0",
"binary_version": "8.0.46-0ubuntu0.24.04.3"
},
{
"binary_name": "mysql-client-core-8.0",
"binary_version": "8.0.46-0ubuntu0.24.04.3"
},
{
"binary_name": "mysql-router",
"binary_version": "8.0.46-0ubuntu0.24.04.3"
},
{
"binary_name": "mysql-server",
"binary_version": "8.0.46-0ubuntu0.24.04.3"
},
{
"binary_name": "mysql-server-8.0",
"binary_version": "8.0.46-0ubuntu0.24.04.3"
},
{
"binary_name": "mysql-server-core-8.0",
"binary_version": "8.0.46-0ubuntu0.24.04.3"
},
{
"binary_name": "mysql-source-8.0",
"binary_version": "8.0.46-0ubuntu0.24.04.3"
},
{
"binary_name": "mysql-testsuite",
"binary_version": "8.0.46-0ubuntu0.24.04.3"
},
{
"binary_name": "mysql-testsuite-8.0",
"binary_version": "8.0.46-0ubuntu0.24.04.3"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8457-1.json"
cves_map
{
"ecosystem": "Ubuntu:24.04:LTS",
"cves": [
{
"id": "CVE-2026-46862",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-46863",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}
Ubuntu:25.10 / mysql-8.4
Package
- Name
- mysql-8.4
- Purl
- pkg:deb/ubuntu/mysql-8.4?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.4.10-0ubuntu0.25.10.1
Affected versions
8.*
8.4.4-0ubuntu2
8.4.5-0ubuntu1
8.4.5-0ubuntu2
8.4.5-0ubuntu3
8.4.6-0ubuntu1
8.4.6-0ubuntu3
8.4.7-0ubuntu0.25.10.2
8.4.7-0ubuntu0.25.10.3
8.4.8-0ubuntu0.25.10.1
8.4.9-0ubuntu0.25.10.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "libmysqlclient24",
"binary_version": "8.4.10-0ubuntu0.25.10.1"
},
{
"binary_name": "mysql-client",
"binary_version": "8.4.10-0ubuntu0.25.10.1"
},
{
"binary_name": "mysql-client-core",
"binary_version": "8.4.10-0ubuntu0.25.10.1"
},
{
"binary_name": "mysql-router",
"binary_version": "8.4.10-0ubuntu0.25.10.1"
},
{
"binary_name": "mysql-server",
"binary_version": "8.4.10-0ubuntu0.25.10.1"
},
{
"binary_name": "mysql-server-core",
"binary_version": "8.4.10-0ubuntu0.25.10.1"
},
{
"binary_name": "mysql-source",
"binary_version": "8.4.10-0ubuntu0.25.10.1"
},
{
"binary_name": "mysql-testsuite",
"binary_version": "8.4.10-0ubuntu0.25.10.1"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8457-1.json"
cves_map
{
"ecosystem": "Ubuntu:25.10",
"cves": [
{
"id": "CVE-2026-46862",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-46863",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}
Ubuntu:26.04:LTS / mysql-8.4
Package
- Name
- mysql-8.4
- Purl
- pkg:deb/ubuntu/mysql-8.4?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.4.10-0ubuntu0.26.04.1
Affected versions
8.*
8.4.6-0ubuntu3
8.4.7-0ubuntu2
8.4.7-0ubuntu3
8.4.8-0ubuntu1
8.4.9-0ubuntu0.26.04.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "libmysqlclient24",
"binary_version": "8.4.10-0ubuntu0.26.04.1"
},
{
"binary_name": "mysql-client",
"binary_version": "8.4.10-0ubuntu0.26.04.1"
},
{
"binary_name": "mysql-client-core",
"binary_version": "8.4.10-0ubuntu0.26.04.1"
},
{
"binary_name": "mysql-router",
"binary_version": "8.4.10-0ubuntu0.26.04.1"
},
{
"binary_name": "mysql-server",
"binary_version": "8.4.10-0ubuntu0.26.04.1"
},
{
"binary_name": "mysql-server-core",
"binary_version": "8.4.10-0ubuntu0.26.04.1"
},
{
"binary_name": "mysql-source",
"binary_version": "8.4.10-0ubuntu0.26.04.1"
},
{
"binary_name": "mysql-testsuite",
"binary_version": "8.4.10-0ubuntu0.26.04.1"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8457-1.json"
cves_map
{
"ecosystem": "Ubuntu:26.04:LTS",
"cves": [
{
"id": "CVE-2026-46862",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-46863",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
]
}