CVE-2026-34317: Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell. in Oracle Corporation MySQL Shell
Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).
AI Analysis
Technical Summary
This vulnerability in Oracle MySQL Shell (component: Shell: Core Client) permits a low privileged attacker who has logged on to the system running MySQL Shell to cause a hang or repeated crash, resulting in a complete denial of service. Exploitation requires user interaction from a third party. The affected versions include 8.0.0 to 8.0.45, 8.4.0 to 8.4.8, and 9.0.0 to 9.6.0. The CVSS 3.1 base score is 5.0, reflecting a medium severity with an impact limited to availability (no confidentiality or integrity impact). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The vulnerability scope is unchanged (S:U). Oracle's April 2026 Critical Patch Update advisory references MySQL Shell among many other products but does not explicitly state a dedicated patch or fix for this vulnerability in the provided content.
Potential Impact
Successful exploitation results in unauthorized denial of service by causing MySQL Shell to hang or crash repeatedly. This disrupts availability of MySQL Shell but does not compromise confidentiality or integrity of data. The attack requires local access with low privileges and user interaction from another person, limiting the ease of exploitation. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Oracle's April 2026 Critical Patch Update advisory includes MySQL Shell in the list of affected products but does not explicitly confirm a patch or remediation for CVE-2026-34317 in the provided advisory content. Therefore, patch status is not yet confirmed—check the Oracle advisory at https://www.oracle.com/security-alerts/cpuapr2026.html for the latest remediation guidance. Oracle strongly recommends applying Critical Patch Updates promptly when available. Until a patch is confirmed, limit local access to MySQL Shell infrastructure and educate users to avoid interacting with untrusted inputs or prompts that could trigger this vulnerability.
CVE-2026-34317: Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell. in Oracle Corporation MySQL Shell
Description
Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Oracle MySQL Shell (component: Shell: Core Client) permits a low privileged attacker who has logged on to the system running MySQL Shell to cause a hang or repeated crash, resulting in a complete denial of service. Exploitation requires user interaction from a third party. The affected versions include 8.0.0 to 8.0.45, 8.4.0 to 8.4.8, and 9.0.0 to 9.6.0. The CVSS 3.1 base score is 5.0, reflecting a medium severity with an impact limited to availability (no confidentiality or integrity impact). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The vulnerability scope is unchanged (S:U). Oracle's April 2026 Critical Patch Update advisory references MySQL Shell among many other products but does not explicitly state a dedicated patch or fix for this vulnerability in the provided content.
Potential Impact
Successful exploitation results in unauthorized denial of service by causing MySQL Shell to hang or crash repeatedly. This disrupts availability of MySQL Shell but does not compromise confidentiality or integrity of data. The attack requires local access with low privileges and user interaction from another person, limiting the ease of exploitation. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Oracle's April 2026 Critical Patch Update advisory includes MySQL Shell in the list of affected products but does not explicitly confirm a patch or remediation for CVE-2026-34317 in the provided advisory content. Therefore, patch status is not yet confirmed—check the Oracle advisory at https://www.oracle.com/security-alerts/cpuapr2026.html for the latest remediation guidance. Oracle strongly recommends applying Critical Patch Updates promptly when available. Until a patch is confirmed, limit local access to MySQL Shell infrastructure and educate users to avoid interacting with untrusted inputs or prompts that could trigger this vulnerability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-03-26T19:48:45.681Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","vendor":"Oracle"}]
Threat ID: 69e7e5ab19fe3cd2cdf9fa01
Added to database: 4/21/2026, 9:01:31 PM
Last enriched: 4/21/2026, 9:33:24 PM
Last updated: 4/22/2026, 6:04:57 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.