Zero Day MonitorZDM

← Back to list

5.8

CVE-2026-34318EXPLOITEDPATCHED

oracle · mysql

CVE-2026-34318: Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are a

Description

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Shell. While the vulnerability is in MySQL Shell, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).

Affected Products

Vendor	Product	Versions
oracle	mysql	8.0.0, 8.4.0, 9.0.0

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
oracle	mysql	cert_advisory	90%

References

https://www.oracle.com/security-alerts/cpuapr2026.html(vendor-advisory)

Related News (6 articles)

Tier B

BSI Advisories1d ago

[UPDATE] [hoch] Oracle MySQL: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

BSI Advisories13d ago

[NEU] [hoch] Oracle MySQL: Mehrere Schwachstellen

→ No new info (linked only)

Tier A

Microsoft MSRC54d ago

→ No new info (linked only)

Tier B

BSI Advisories69d ago

[NEU] [hoch] Oracle MySQL: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB69d ago

CVE-2026-34318 | Oracle MySQL Shell up to 8.0.45/8.4.8/9.6.0 Core Client improper authorization

→ No new info (linked only)

Tier B

CERT-FR69d ago

Multiples vulnérabilités dans Oracle MySQL (22 avril 2026)

→ No new info (linked only)

CVSS 3.15.8 MEDIUM

VectorCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

https://www.oracle.com/security-alerts/cpuapr2026.html

PublishedApr 21, 2026

Last enriched69d agov2

Tags

improper authorizationmultiple vulnerabilitiesconfidentialityintegrityavailabilityremote exploitation

Trending Score55

Source articles6

Independent4

Info Completeness8/14

Missing: epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-35273EXPKEV

CVE-2026-35273: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Mana

HIGHCVE-2026-46817EXPKEV

CVE-2026-46817: Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versi

CRITICALCVE-2026-35292

CVE-2026-35292: Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that

CRITICALCVE-2026-35301EXP

CVE-2026-35301: Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that

CRITICALCVE-2026-35278

CVE-2026-35278: Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Performance Monitor).

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 21, 2026

Discovered by ZDM

Apr 21, 2026

Updated: severity, activelyExploited, tags

Apr 22, 2026

Actively Exploited

Apr 22, 2026

Patch Available

Apr 22, 2026

Version History

v2

Last enriched 69d ago

v2Tier C69d ago

Updated severity to CRITICAL, marked as actively exploited, and added new tag 'improper authorization'.

severityactivelyExploitedtags

via VulDB

v169d ago

Initial creation