CVE-2026-46870 – MySQL Server, MySQL NDB Cluster, MySQL Router & MySQL Shell

CVSS 8.5 IMPORTANT Critical or Zero Day – Immediate Deployment

“When critical database infrastructure vulnerabilities stack up, the risk extends far beyond the database itself.”

This patch addresses multiple vulnerabilities across Oracle MySQL Server, MySQL NDB Cluster, MySQL Router, and MySQL Shell. These components form the foundation of many enterprise database environments, supporting data storage, routing, clustering, administration, and management functions. The update includes both Critical and High severity vulnerabilities affecting key parts of the MySQL ecosystem.

CVE-2026-46863 has a CVSS score of 7.5, which is High severity. CVE-2026-46861 has a CVSS score of 9.6, which is Critical severity. CVE-2026-46860 has a CVSS score of 9.8, which is Critical severity. CVE-2026-46862 has a CVSS score of 7.5, which is High severity. CVE-2026-46850 has a CVSS score of 9.9, which is Critical severity. CVE-2026-46870 has a CVSS score of 8.5, which is High severity.

The most severe vulnerabilities affect MySQL Shell, MySQL Router, and MySQL NDB Cluster, with CVSS scores ranging from 9.6 to 9.9. No verified exploitation has been reported. However, the concentration of Critical severity vulnerabilities across core database infrastructure makes this a high-priority update for organizations operating MySQL environments.

Key Details

Affected Product
Oracle Mysql Shell
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
CWE Classification
CWE-284
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.