CVE-2016-5541 in MySQL Cluster
Summary
by MITRE
Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 4.8 (Integrity and Availability impacts).
Analysis
by VulDB Data Team • 05/15/2026
The vulnerability identified as CVE-2016-5541 resides within the MySQL Cluster component of Oracle MySQL, specifically affecting the NDBAPI subcomponent that governs the NDB (Network Database) storage engine. This flaw impacts multiple version ranges including 7.2.26 and earlier, 7.3.14 and earlier, and 7.4.12 and earlier, indicating a prolonged period of exposure across the MySQL Cluster product line. The vulnerability's classification as difficult to exploit suggests that while it requires some level of technical expertise or specific conditions to be successfully leveraged, it remains a significant security concern due to its potential to be weaponized by determined attackers. The attack vector requires unauthenticated network access via multiple protocols, making it particularly dangerous as it can be exploited without requiring valid credentials or prior access to the system.
The technical nature of this vulnerability stems from inadequate access controls and authentication mechanisms within the NDBAPI component of MySQL Cluster, allowing attackers to gain unauthorized access to database operations. The flaw enables attackers to perform unauthorized update, insert, or delete operations against specific portions of the MySQL Cluster data, creating a serious integrity risk. Additionally, the vulnerability can be exploited to cause partial denial of service conditions, where attackers can disrupt database operations and compromise the availability of critical services. The CVSS v3.0 base score of 4.8 reflects the balanced severity of both integrity and availability impacts, with the integrity component being particularly concerning as it allows data modification without authorization. This vulnerability aligns with CWE-284 (Improper Access Control) and represents a significant weakness in the cluster's security architecture that could be leveraged for data corruption or service disruption.
The operational impact of CVE-2016-5541 extends beyond simple data compromise as it can result in partial denial of service conditions that affect database availability and system reliability. Organizations relying on MySQL Cluster for critical data operations face potential business disruption when this vulnerability is exploited, particularly in environments where database integrity and continuous availability are paramount. The partial denial of service aspect means that while the entire system may not be completely brought down, enough functionality can be compromised to impact business operations and service delivery. Attackers could potentially target specific database segments or tables, making the impact more focused but no less damaging to the organization's data integrity and operational continuity.
Mitigation strategies for CVE-2016-5541 should prioritize immediate patching of affected MySQL Cluster versions to the latest available releases that contain fixes for this vulnerability. Organizations should implement network segmentation and access controls to limit exposure of MySQL Cluster services to only trusted networks and systems. The principle of least privilege should be enforced by restricting network access to MySQL Cluster components and implementing strong firewall rules that limit the protocols and ports accessible to external networks. Additionally, monitoring and logging should be enhanced to detect suspicious network activity or unauthorized database access attempts that might indicate exploitation of this vulnerability. Network intrusion detection systems should be configured to alert on unusual database access patterns or protocol violations that could indicate exploitation attempts. Regular security assessments and vulnerability scanning should be conducted to identify any remaining exposure and ensure that all systems are properly patched and configured according to security best practices.
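To support the patching priority above, the following added example (not code from VulDB, MITRE or Oracle) flags cluster nodes whose NDB version falls in the affected ranges given in the summary. It assumes the node list comes from `ndb_mgm -e show` in its usual `id=N @address (mysql-X ndb-Y)` layout; the sample output, addresses and versions are constructed.

```python
import re

# Last affected release per branch, taken from the CVE-2016-5541 summary.
LAST_AFFECTED = {(7, 2): 26, (7, 3): 14, (7, 4): 12}

# Connected-node line of `ndb_mgm -e show` (format assumed), e.g.
#   id=2  @192.0.2.11  (mysql-5.6.29 ndb-7.4.11, Nodegroup: 0, *)
NODE_RE = re.compile(r"^id=(\d+)\s+@(\S+)\s+\(.*?\bndb-(\d+)\.(\d+)\.(\d+)")


def classify(major, minor, patch):
    """Map an NDB version to 'affected', 'not-affected' or 'not-listed'."""
    ceiling = LAST_AFFECTED.get((major, minor))
    if ceiling is None:
        # Branch is not named in the summary; the page gives no verdict.
        return "not-listed"
    return "affected" if patch <= ceiling else "not-affected"


def audit(show_output):
    """Return (node_id, address, ndb_version, status) per connected node."""
    findings = []
    for line in show_output.splitlines():
        m = NODE_RE.match(line.strip())
        if m is None:
            continue  # section headers, blank lines, unconnected slots
        version = tuple(int(part) for part in m.group(3, 4, 5))
        findings.append((int(m.group(1)), m.group(2),
                         ".".join(map(str, version)), classify(*version)))
    return findings


# Constructed sample output; addresses and versions are illustrative only.
SAMPLE = """\
[ndbd(NDB)]     2 node(s)
id=2    @192.0.2.11  (mysql-5.6.29 ndb-7.4.11, Nodegroup: 0, *)
id=3    @192.0.2.12  (mysql-5.6.31 ndb-7.4.13, Nodegroup: 0)

[ndb_mgmd(MGM)] 1 node(s)
id=1    @192.0.2.10  (mysql-5.5.48 ndb-7.2.24)

[mysqld(API)]   3 node(s)
id=4    @192.0.2.13  (mysql-5.6.29 ndb-7.3.14)
id=5    @192.0.2.14  (mysql-5.7.16 ndb-7.5.4)
id=6 (not connected, accepting connect from any host)
"""

if __name__ == "__main__":
    for node_id, addr, version, status in audit(SAMPLE):
        print(f"node {node_id} {addr} ndb-{version}: {status}")
```

Nodes reported as `not-listed` run a branch the summary does not name, so their status has to be confirmed against the vendor advisory rather than inferred from this page.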