CVE-2022-21600 in MySQL Server
Summary
by MITRE • 10/19/2022
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 04/26/2026
The vulnerability identified as CVE-2022-21600 represents a critical security flaw within Oracle MySQL Server's optimizer component, affecting versions 8.0.27 and earlier. This vulnerability resides in the server's query optimization engine, which is responsible for determining the most efficient execution plan for database queries. The flaw manifests as a privilege escalation issue that can be exploited by attackers with high privileges, specifically those who already possess network access to the MySQL server through multiple communication protocols. The CVSS score of 7.2 indicates a serious threat level with high impacts across all three core security principles: confidentiality, integrity, and availability. The vulnerability's classification as easily exploitable means that sophisticated attackers with minimal effort can leverage this weakness to gain complete control over the affected MySQL server instance.
The technical nature of this vulnerability stems from improper handling of certain optimizer operations that can be manipulated by an authenticated user with elevated privileges. The attack vector requires the adversary to already possess high-privilege access to the system, which typically includes administrative or root-level database user accounts. However, the combination of network access and high privilege status creates a dangerous scenario where attackers can execute code remotely and potentially gain complete system control. This flaw operates within the MySQL Server's core optimization routines, which are critical components responsible for query execution planning and resource allocation. The vulnerability's impact extends beyond simple data compromise as it can lead to full system takeover, allowing attackers to manipulate, destroy, or exfiltrate all database content while potentially establishing persistent access to the underlying infrastructure.
The operational consequences of successful exploitation of CVE-2022-21600 are severe and multifaceted, affecting database integrity, business continuity, and overall enterprise security posture. Organizations running affected MySQL versions face significant risk of unauthorized data access, data corruption, and potential service disruption that can impact critical business applications relying on database operations. The vulnerability's potential for complete server compromise means that attackers can manipulate database configurations, create backdoors, or establish persistent access points for future exploitation attempts. This type of vulnerability aligns with ATT&CK technique T1078.004 which covers legitimate credentials and abuse of privileges, and CWE-284 which addresses improper access control within database systems. The impact on availability is particularly concerning as database downtime can cascade into broader business operations, while integrity compromise can lead to data manipulation and loss of trust in critical systems.
Organizations should immediately implement mitigation strategies including prompt patching of affected MySQL Server installations to version 8.0.28 or later, which contains the necessary security fixes. Network segmentation and access control measures should be strengthened to limit exposure of database servers to untrusted networks, while monitoring systems should be enhanced to detect anomalous query patterns that might indicate exploitation attempts. Database administrators should conduct comprehensive privilege reviews to ensure that only necessary users maintain high-privilege accounts, and implement principle of least privilege access controls. The vulnerability's classification as a privilege escalation issue means that organizations should also consider implementing additional security controls such as database activity monitoring, intrusion detection systems, and regular security assessments. Furthermore, administrators should review and test their incident response procedures to ensure preparedness for potential exploitation scenarios, as this vulnerability can enable attackers to establish persistent access and conduct long-term reconnaissance activities within the database environment.