CVE-2026-46870: Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Shell. While the vulnerability is in MySQL Shell, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Shell. in Oracle Corporation MySQL Shell
CVE-2026-46870 is a high-severity vulnerability in Oracle MySQL Shell (component: Shell for VS Code) version 2026.2.0+9.6.1. It allows a low privileged attacker with network access via multiple protocols to compromise MySQL Shell, potentially leading to full takeover. The vulnerability has a CVSS 3.1 base score of 8.5, indicating high impact on confidentiality, integrity, and availability. The vulnerability also has scope change implications, potentially affecting additional products beyond MySQL Shell. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory but has not explicitly confirmed patch availability for this specific version. Oracle strongly recommends applying Critical Security Patch Update patches promptly and suggests network-level mitigations until patches are applied.
AI Analysis
Technical Summary
CVE-2026-46870 is a vulnerability in Oracle MySQL Shell (Shell for VS Code) version 2026.2.0+9.6.1 that allows a low privileged attacker with network access via multiple protocols to compromise the MySQL Shell. The vulnerability has a CVSS 3.1 score of 8.5 with high confidentiality, integrity, and availability impacts and a scope change affecting additional products. The vulnerability is difficult to exploit and requires high attack complexity but no user interaction. Oracle has published this vulnerability in its June 2026 Critical Security Patch Update advisory, which includes 245 security patches across multiple Oracle products, including MySQL Shell versions 8.4.0-8.4.9, 9.0.0-9.7.0, and 2026.2.0+9.6.1. The advisory strongly recommends applying the patches as soon as possible. Until patches are applied, risk reduction may be possible by blocking network protocols required for exploitation or removing unnecessary privileges from users, although these mitigations may impact functionality.
Potential Impact
Successful exploitation of CVE-2026-46870 can result in full takeover of the MySQL Shell, impacting confidentiality, integrity, and availability of the affected system. The vulnerability also has scope change implications, meaning that exploitation may affect additional Oracle products beyond MySQL Shell. The attack requires network access and low privileges but has high attack complexity. There are no known exploits in the wild at this time.
Mitigation Recommendations
Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory but has not explicitly confirmed patch availability for version 2026.2.0+9.6.1. Customers are strongly advised to apply the June 2026 Critical Security Patch Update promptly to address this and other vulnerabilities. Until patches are applied, risk can be reduced by blocking network protocols required for exploitation and by removing unnecessary privileges from users who do not require them. These mitigations may impact application functionality and should be tested accordingly. Patch status is not yet confirmed for this specific version—check the Oracle advisory for current remediation guidance.
CVE-2026-46870: Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Shell. While the vulnerability is in MySQL Shell, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Shell. in Oracle Corporation MySQL Shell
Description
CVE-2026-46870 is a high-severity vulnerability in Oracle MySQL Shell (component: Shell for VS Code) version 2026.2.0+9.6.1. It allows a low privileged attacker with network access via multiple protocols to compromise MySQL Shell, potentially leading to full takeover. The vulnerability has a CVSS 3.1 base score of 8.5, indicating high impact on confidentiality, integrity, and availability. The vulnerability also has scope change implications, potentially affecting additional products beyond MySQL Shell. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory but has not explicitly confirmed patch availability for this specific version. Oracle strongly recommends applying Critical Security Patch Update patches promptly and suggests network-level mitigations until patches are applied.
CVSS v3.1
Score 8.5high
Affected software
pkg:github/mysql/mysql-shellRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-46870 is a vulnerability in Oracle MySQL Shell (Shell for VS Code) version 2026.2.0+9.6.1 that allows a low privileged attacker with network access via multiple protocols to compromise the MySQL Shell. The vulnerability has a CVSS 3.1 score of 8.5 with high confidentiality, integrity, and availability impacts and a scope change affecting additional products. The vulnerability is difficult to exploit and requires high attack complexity but no user interaction. Oracle has published this vulnerability in its June 2026 Critical Security Patch Update advisory, which includes 245 security patches across multiple Oracle products, including MySQL Shell versions 8.4.0-8.4.9, 9.0.0-9.7.0, and 2026.2.0+9.6.1. The advisory strongly recommends applying the patches as soon as possible. Until patches are applied, risk reduction may be possible by blocking network protocols required for exploitation or removing unnecessary privileges from users, although these mitigations may impact functionality.
Potential Impact
Successful exploitation of CVE-2026-46870 can result in full takeover of the MySQL Shell, impacting confidentiality, integrity, and availability of the affected system. The vulnerability also has scope change implications, meaning that exploitation may affect additional Oracle products beyond MySQL Shell. The attack requires network access and low privileges but has high attack complexity. There are no known exploits in the wild at this time.
Mitigation Recommendations
Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory but has not explicitly confirmed patch availability for version 2026.2.0+9.6.1. Customers are strongly advised to apply the June 2026 Critical Security Patch Update promptly to address this and other vulnerabilities. Until patches are applied, risk can be reduced by blocking network protocols required for exploitation and by removing unnecessary privileges from users who do not require them. These mitigations may impact application functionality and should be tested accordingly. Patch status is not yet confirmed for this specific version—check the Oracle advisory for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-05-18T15:55:10.308Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","vendor":"Oracle"}]
Threat ID: 6a31b61e0b89be6888265ba2
Added to database: 6/16/2026, 8:46:22 PM
Last enriched: 6/16/2026, 10:00:09 PM
Last updated: 6/17/2026, 4:19:31 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.