Threat Intelligence Database

CVE-2026-46871 is a medium severity vulnerability in Oracle MySQL Shell (Shell for VS Code component) version 2026.2.0+9.6.1. It allows a low privileged attacker with network access via multiple protocols to compromise MySQL Shell, potentially gaining unauthorized access to critical or all accessible data. The vulnerability has a CVSS 3.1 base score of 6.5, reflecting high confidentiality impact but no integrity or availability impact. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update but has not explicitly stated a dedicated patch for this exact version in the advisory. Oracle strongly recommends applying the Critical Security Patch Update promptly and suggests mitigating risk by blocking required network protocols or removing unnecessary privileges until patches are applied.

CVE-2026-46870 is a high-severity vulnerability in Oracle MySQL Shell (component: Shell for VS Code) version 2026.2.0+9.6.1. It allows a low privileged attacker with network access via multiple protocols to compromise MySQL Shell, potentially leading to full takeover. The vulnerability has a CVSS 3.1 base score of 8.5, indicating high impact on confidentiality, integrity, and availability. The vulnerability also has scope change implications, potentially affecting additional products beyond MySQL Shell. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory but has not explicitly confirmed patch availability for this specific version. Oracle strongly recommends applying Critical Security Patch Update patches promptly and suggests network-level mitigations until patches are applied.

CVE-2026-46869 is a vulnerability in Oracle MySQL Shell affecting versions 8.4.0 through 8.4.9 and 9.0.0 through 9.7.0. It allows an unauthenticated attacker with network access via multiple protocols to compromise MySQL Shell. Successful exploitation requires human interaction from a user other than the attacker. The vulnerability can lead to unauthorized access to critical or all data accessible by MySQL Shell. The CVSS 3.1 base score is 6.5, indicating a medium severity focused on confidentiality impact. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update, which provides patches for affected versions. Oracle strongly recommends applying these patches promptly to mitigate the risk. Until patches are applied, risk reduction may be possible by blocking required network protocols or removing unnecessary privileges, though these may impact functionality.

CVE-2026-46850 is a critical vulnerability in Oracle MySQL Shell (component: Shell for VS Code) version 2026.2.0+9.6.1. It allows a low privileged attacker with network access via HTTP to compromise MySQL Shell, potentially leading to full takeover. The vulnerability has a CVSS 3.1 base score of 9.9, indicating high impact on confidentiality, integrity, and availability. Although the flaw is in MySQL Shell, exploitation may affect additional Oracle products. Oracle has released a Critical Security Patch Update addressing this and many other vulnerabilities, strongly urging customers to apply patches promptly. Until patched, risk reduction may be possible by blocking required network protocols or limiting user privileges, but these mitigations may impact functionality.