Zero Day MonitorZDM

← Back to list

4.9

CVE-2026-21998EXPLOITEDPATCHED

oracle · mysql_server

CVE-2026-21998: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are a

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Affected Products

Vendor	Product	Versions
oracle	mysql_server	8.0.0, 8.4.0, 9.0.0, 8.0.45-2, 8.0.45-3

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
oracle	mysql	cert_advisory	90%

References

https://www.oracle.com/security-alerts/cpuapr2026.html(vendor-advisory)

Related News (6 articles)

Tier B

CERT-FR21h ago

Multiples vulnérabilités dans les produits VMware (11 mai 2026)

→ No new info (linked only)

Tier B

CERT-FR14d ago

Multiples vulnérabilités dans les produits Microsoft (27 avril 2026)

→ No new info (linked only)

Tier A

Microsoft MSRC18d ago

→ No new info (linked only)

Tier B

BSI Advisories19d ago

[NEU] [hoch] Oracle MySQL: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB19d ago

CVE-2026-21998 | Oracle MySQL Server up to 8.0.45/8.4.8/9.6.0 Optimizer denial of service

→ No new info (linked only)

Tier B

CERT-FR19d ago

Multiples vulnérabilités dans Oracle MySQL (22 avril 2026)

→ No new info (linked only)

CVSS 3.14.9 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

https://www.oracle.com/security-alerts/cpuapr2026.html

PublishedApr 21, 2026

Last enriched14d agov3

Trending Score56

Source articles6

Independent4

Info Completeness9/14

Missing: epss, cwe, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-22009EXP

CVE-2026-22009: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are a

MEDIUMCVE-2026-22015EXP

CVE-2026-22015: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions t

MEDIUMCVE-2026-22005EXP

CVE-2026-22005: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are a

LOWCVE-2026-22001EXP

CVE-2026-22001: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions t

MEDIUMCVE-2026-34304

CVE-2026-34304: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 21, 2026

Discovered by ZDM

Apr 21, 2026

Updated: affectedVersions

Apr 22, 2026

Actively Exploited

Apr 22, 2026

Exploit Available

Apr 22, 2026

Patch Available

Apr 22, 2026

Updated: affectedVersions, exploitAvailable, activelyExploited

Apr 27, 2026

Version History

v3

Last enriched 14d ago

v3Tier B14d ago

Updated affected versions to include 8.0.45-2 and 8.0.45-3, marked exploit available and actively exploited as true, and set patch available to null.

affectedVersionsexploitAvailableactivelyExploited

via CERT-FR

v2Tier C19d ago

Updated affected versions to include 9.6.0 and corrected exploit availability to false.

affectedVersions

via VulDB

v119d ago

Initial creation