CVE-2026-34319: Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell. in Oracle Corporation MySQL Shell
Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).
AI Analysis
Technical Summary
This vulnerability in Oracle MySQL Shell (component: Shell: Core Client) affects multiple supported versions and allows a low privileged attacker with access to the infrastructure to cause a hang or repeated crash of MySQL Shell, resulting in a denial of service. Exploitation requires user interaction from a third party. The CVSS 3.1 base score is 5.0, reflecting a medium severity with impact limited to availability. The vulnerability is documented in Oracle's April 2026 Critical Patch Update advisory, which addresses numerous security issues across Oracle products including MySQL Shell. The advisory strongly recommends applying the Critical Patch Update but does not explicitly state the patch status for this specific vulnerability.
Potential Impact
Successful exploitation can cause a hang or frequent crash of MySQL Shell, resulting in a complete denial of service. There is no impact on confidentiality or integrity. The attack requires a low privileged attacker with logon access and human interaction from another user, limiting the ease of exploitation. No known active exploits have been reported.
Mitigation Recommendations
Oracle's April 2026 Critical Patch Update advisory includes security patches for MySQL Shell and strongly recommends applying these updates promptly. Although the advisory does not explicitly confirm a patch for CVE-2026-34319, it is advisable to apply the April 2026 Critical Patch Update to address this and other vulnerabilities. Organizations should ensure they remain on actively supported versions and apply Oracle's Critical Patch Updates without delay. Patch status is not yet explicitly confirmed for this vulnerability; check Oracle's advisory for the latest remediation guidance.
CVE-2026-34319: Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell. in Oracle Corporation MySQL Shell
Description
Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in Oracle MySQL Shell (component: Shell: Core Client) affects multiple supported versions and allows a low privileged attacker with access to the infrastructure to cause a hang or repeated crash of MySQL Shell, resulting in a denial of service. Exploitation requires user interaction from a third party. The CVSS 3.1 base score is 5.0, reflecting a medium severity with impact limited to availability. The vulnerability is documented in Oracle's April 2026 Critical Patch Update advisory, which addresses numerous security issues across Oracle products including MySQL Shell. The advisory strongly recommends applying the Critical Patch Update but does not explicitly state the patch status for this specific vulnerability.
Potential Impact
Successful exploitation can cause a hang or frequent crash of MySQL Shell, resulting in a complete denial of service. There is no impact on confidentiality or integrity. The attack requires a low privileged attacker with logon access and human interaction from another user, limiting the ease of exploitation. No known active exploits have been reported.
Mitigation Recommendations
Oracle's April 2026 Critical Patch Update advisory includes security patches for MySQL Shell and strongly recommends applying these updates promptly. Although the advisory does not explicitly confirm a patch for CVE-2026-34319, it is advisable to apply the April 2026 Critical Patch Update to address this and other vulnerabilities. Organizations should ensure they remain on actively supported versions and apply Oracle's Critical Patch Updates without delay. Patch status is not yet explicitly confirmed for this vulnerability; check Oracle's advisory for the latest remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-03-26T19:48:45.681Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","vendor":"Oracle"}]
Threat ID: 69e7e5ab19fe3cd2cdf9fa07
Added to database: 4/21/2026, 9:01:31 PM
Last enriched: 4/21/2026, 9:33:09 PM
Last updated: 4/22/2026, 7:34:08 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.