SecuriTricks - CVE-2026-34318

Description

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Shell. While the vulnerability is in MySQL Shell, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).

Product(s) Impacted

Vendor	Product	Versions
Oracle	Mysql Shell	8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	oracle	mysql_shell	8.0.0-8.0.45	/	/	/	/	/	/	/
a	oracle	mysql_shell	8.4.0-8.4.8	/	/	/	/	/	/	/
a	oracle	mysql_shell	9.0.0-9.6.0	/	/	/	/	/	/	/

References

https://www.oracle.com/security-alerts/cpuapr2026.html

CVSS Score

5.8 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

View Vector String

Timeline

Published: April 21, 2026, 9:16 p.m.
Last Modified: April 22, 2026, 9:24 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2026-34318