This vulnerability exists in the optimizer component of Oracle MySQL Server and affects multiple supported versions. It can be exploited by an attacker with high privileges and network access to cause the server to hang or crash repeatedly, resulting in a complete denial of service. The vulnerability does not allow unauthorized disclosure or modification of data. The April 2026 Oracle Critical Patch Update advisory lists this vulnerability among many others addressed in the update, indicating that Oracle has released patches for affected products, including MySQL Server. However, the advisory does not explicitly confirm the patch availability or remediation level for this specific CVE. Users should consult the Oracle advisory for detailed patch information and installation instructions.

Successful exploitation results in denial of service by causing the MySQL Server to hang or crash repeatedly. There is no impact on confidentiality or integrity. The vulnerability requires a high privileged attacker with network access and does not require user interaction. No known exploits in the wild have been reported.

Oracle has included this vulnerability in its April 2026 Critical Patch Update, which addresses multiple security issues across Oracle products including MySQL Server. Customers are strongly advised to apply the April 2026 Critical Patch Update promptly to mitigate this vulnerability. Patch status is not explicitly confirmed in the advisory content provided; therefore, users should review the Oracle advisory at https://www.oracle.com/security-alerts/cpuapr2026.html for the latest patch availability and installation instructions. Maintaining up-to-date patches is critical as Oracle reports ongoing attempts to exploit vulnerabilities for which patches exist.