CVE-2026-46869

MEDIUM

MySQL Shell 8.4.0-8.4.9 and 9.0.0-9.7.0 - Unauthenticated Unauthorized Data Access via Dump and Load

Title source: llm
STIX 2.1

Description

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Dump and Load). Supported versions that are affected are 8.4.0-8.4.9 and 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
Oracle Advisory
https://www.oracle.com/security-alerts/cspujun2026.html

Scores

CVSS v3 6.5
EPSS 0.0018
EPSS Percentile 7.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (3)
oracle/mysql_shell 8.4.0 - 8.4.9 (2 CPE variants)
Oracle Corporation/MySQL Shell 8.4.0 - 8.4.9
Oracle Corporation/MySQL Shell 9.0.0 - 9.7.0
Published Jun 17, 2026
Tracked Since Jun 17, 2026