DNA View

CVE-2026-21948

Medium

Low Medium High Critical

4.9

CVSS Score

Published: Jan 20, 2026

Last Modified: Jan 29, 2026

CWE: CWE-400

Vulnerability Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

37 configuration(s) from 1 vendor(s)

mysql_server

Version:

8.0.30

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.30:*:*:*:*:*:*:*

mysql_server

Version:

8.4.1

CPE:

cpe:2.3:a:oracle:mysql_server:8.4.1:*:*:*:*:*:*:*

mysql_server

Version:

9.2.0

CPE:

cpe:2.3:a:oracle:mysql_server:9.2.0:*:*:*:*:*:*:*

mysql_server

Version:

8.0.42

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.42:*:*:*:*:*:*:*

mysql_server

Version:

8.0.34

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.34:*:*:*:*:*:*:*

mysql_server

Version:

8.0.31

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.31:*:*:*:*:*:*:*

mysql_server

Version:

8.0.23

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.23:*:*:*:*:*:*:*

mysql_server

Version:

8.0.35

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.35:*:*:*:*:*:*:*

mysql_server

Version:

8.4.2

CPE:

cpe:2.3:a:oracle:mysql_server:8.4.2:*:*:*:*:*:*:*

mysql_server

Version:

8.0.17

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.17:*:*:*:*:*:*:*

mysql_server

Version:

8.0.29

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.29:*:*:*:*:*:*:*

mysql_server

Version:

8.0.36

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.36:*:*:*:*:*:*:*

mysql_server

Version:

9.4.0

CPE:

cpe:2.3:a:oracle:mysql_server:9.4.0:*:*:*:*:*:*:*

mysql_server

Version:

8.0.22

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.22:*:*:*:*:*:*:*

mysql_server

Version:

8.4.3

CPE:

cpe:2.3:a:oracle:mysql_server:8.4.3:*:*:*:*:*:*:*

mysql_server

Version:

8.0.33

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.33:*:*:*:*:*:*:*

mysql_server

Version:

9.0.1

CPE:

cpe:2.3:a:oracle:mysql_server:9.0.1:*:*:*:*:*:*:*

mysql_server

Version:

8.4.6

CPE:

cpe:2.3:a:oracle:mysql_server:8.4.6:*:*:*:*:*:*:*

mysql_server

Version:

8.0.37

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.37:*:*:*:*:*:*:*

mysql_server

Version:

8.0.40

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.40:*:*:*:*:*:*:*

mysql_server

Version:

9.1.0

CPE:

cpe:2.3:a:oracle:mysql_server:9.1.0:*:*:*:*:*:*:*

mysql_server

Version:

8.0.43

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.43:*:*:*:*:*:*:*

mysql_server

Version:

8.4.4

CPE:

cpe:2.3:a:oracle:mysql_server:8.4.4:*:*:*:*:*:*:*

mysql_server

Version:

8.0.28

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.28:*:*:*:*:*:*:*

mysql_server

Version:

8.4.5

CPE:

cpe:2.3:a:oracle:mysql_server:8.4.5:*:*:*:*:*:*:*

mysql_server

Version:

8.0.27

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.27:*:*:*:*:*:*:*

mysql_server

Version:

9.0.0

CPE:

cpe:2.3:a:oracle:mysql_server:9.0.0:*:*:*:*:*:*:*

mysql_server

Version:

8.0.0

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.0:*:*:*:*:*:*:*

mysql_server

Version:

8.0.32

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.32:*:*:*:*:*:*:*

mysql_server

Version:

8.0.38

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.38:*:*:*:*:*:*:*

mysql_server

Version:

8.0.41

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.41:*:*:*:*:*:*:*

mysql_server

Version:

8.0.15

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.15:*:*:*:*:*:*:*

mysql_server

Version:

8.0.26

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.26:*:*:*:*:*:*:*

mysql_server

Version:

8.4.0

CPE:

cpe:2.3:a:oracle:mysql_server:8.4.0:*:*:*:*:*:*:*

mysql_server

Version:

8.0.25

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.25:*:*:*:*:*:*:*

mysql_server

Version:

8.0.39

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.39:*:*:*:*:*:*:*

mysql_server

Version:

8.0.24

CPE:

cpe:2.3:a:oracle:mysql_server:8.0.24:*:*:*:*:*:*:*

This vulnerability affects 37 software configuration(s). Ensure you patch all affected systems.

Available Security Patches

3 patches available from vendors

View All Patches

SUSE

CVE-2026-21948

Severity

Unknown

Released

Mar 05, 2026

Security Update

View Details Vendor Page

Canonical (Ubuntu)

USN-7994-1

USN-7994-1: MySQL vulnerabilities

Severity

Unknown

Released

Feb 02, 2026

Security Update

View Details Vendor Page

Oracle

CPUJAN2026

Oracle Critical Patch Update Advisory - January 2026

Severity

Critical

Released

Jan 20, 2026

Restart Required

Security Update

View Details Vendor Page

Browse All Security Patches

References & Resources

https://www.oracle.com/security-alerts/cpujan2026.html
secalert_us@oracle.com Vendor Advisory

Severity Details

4.9

out of 10.0

Medium

Weakness Type (CWE)

CWE-400

Uncontrolled Resource Consumption

Description: The product does not properly control the allocation and maintenance of a limited resource.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Class