CVE-2026-21937 in MySQL Server
Summary
by MITRE • 01/21/2026
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Analysis
by VulDB Data Team • 03/24/2026
This vulnerability resides within the MySQL Server's Data Definition Language (DDL) component, specifically affecting Oracle MySQL versions across three major release streams including 8.0.0 through 8.0.44, 8.4.0 through 8.4.7, and 9.0.0 through 9.5.0. The flaw manifests as a denial of service condition that can be exploited by attackers possessing high privileges and network access through multiple protocols. The vulnerability's classification as easily exploitable indicates that minimal technical sophistication is required to leverage the weakness, making it particularly concerning for production environments where MySQL servers handle critical database operations. The CVSS 3.1 scoring system assigns a base score of 4.9, which reflects a moderate severity level with significant availability impact as indicated by the 'A:H' designation.
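Three separate version ranges are affected, and the version string a server reports (for example from SELECT VERSION()) usually carries a packaging suffix, so checking a fleet by eye is error-prone. The following is an added example, not from VulDB, MITRE or Oracle: it parses MySQL version strings and tests them against the three ranges given in this record. The range table is transcribed from the summary above; the function names are this example's own. A "not in a listed range" result means exactly that, not that a host is safe: distribution packages may backport fixes without bumping the upstream version, and versions outside the three supported streams are simply not covered by this record.

```python
"""Check MySQL version strings against the affected ranges in this record.

Added example; the ranges are those stated in the advisory text.
"""
import re

# Inclusive ranges transcribed from the advisory: 8.0.0-8.0.44, 8.4.0-8.4.7, 9.0.0-9.5.0.
AFFECTED_RANGES = (
    ((8, 0, 0), (8, 0, 44)),
    ((8, 4, 0), (8, 4, 7)),
    ((9, 0, 0), (9, 5, 0)),
)

# Leading major.minor.patch; anything after (e.g. "-0ubuntu0.22.04.1", "-commercial") is ignored.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_mysql_version(version_string):
    """Return (major, minor, patch) from a VERSION() style string."""
    m = _VERSION_RE.match(version_string)
    if not m:
        raise ValueError("unrecognised MySQL version string: %r" % (version_string,))
    return tuple(int(part) for part in m.groups())


def affected_range(version_string):
    """Return the (low, high) range the version falls in, or None."""
    version = parse_mysql_version(version_string)
    for low, high in AFFECTED_RANGES:
        if low <= version <= high:
            return low, high
    return None


def is_affected(version_string):
    return affected_range(version_string) is not None


def triage(hosts):
    """Map {hostname: version string} to {hostname: verdict text}."""
    verdicts = {}
    for host, version_string in hosts.items():
        rng = affected_range(version_string)
        if rng is None:
            verdicts[host] = "not in a listed affected range"
        else:
            verdicts[host] = "affected (%s - %s)" % (
                ".".join(map(str, rng[0])), ".".join(map(str, rng[1])))
    return verdicts


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are illustrative only.
    inventory = {
        "db-01": "8.0.39-0ubuntu0.22.04.1",
        "db-02": "8.4.7-commercial",
        "db-03": "9.5.0",
        "db-04": "8.3.0",  # innovation release, not one of the listed streams
    }
    for host, verdict in triage(inventory).items():
        print("%-6s %s" % (host, verdict))
```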
The technical nature of this vulnerability involves a flaw within the server's DDL processing mechanisms that can trigger system instability when specific database operations are performed. When exploited, the vulnerability enables attackers to cause either a complete hang or frequent crashes of the MySQL server instance, effectively rendering the database service unavailable to legitimate users and applications. This type of vulnerability directly impacts the availability aspect of the CIA triad and can be categorized under CWE-121 as a buffer overflow or memory corruption issue that leads to system instability. The attack vector requires network access with high privileges, suggesting that the vulnerability may be exploitable through authenticated sessions or through lateral movement within a network where attackers have already established elevated access.
The operational impact of this vulnerability extends beyond simple service disruption, as database unavailability can cascade into broader system failures throughout applications that depend on MySQL for data persistence. Organizations running affected MySQL versions face potential business disruption, data access limitations, and increased incident response requirements when this vulnerability is exploited. The complete denial of service condition can result in extended downtime for database services, potentially affecting multiple applications simultaneously. From an ATT&CK framework perspective, this vulnerability aligns with techniques involving service stoppage and system resource exhaustion, specifically mapping to tactics such as privilege escalation and denial of service. The vulnerability's presence in multiple version streams indicates a persistent flaw in the MySQL Server's DDL handling that requires comprehensive patch management across affected releases.
Organizations should immediately implement mitigation strategies including applying the latest security patches from Oracle, implementing network segmentation to limit access to MySQL servers, and monitoring for unusual network activity or service disruptions. Database administrators should consider implementing additional access controls and privilege management to minimize the attack surface for high-privilege accounts. The vulnerability's classification as affecting multiple major release versions emphasizes the importance of comprehensive vulnerability management processes that cover all supported MySQL versions. Regular security assessments and penetration testing should be conducted to identify and remediate similar weaknesses in database infrastructure components. System monitoring should include detection of service instability patterns that could indicate exploitation attempts, with alerting mechanisms configured to notify security teams of potential compromise events.
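The monitoring recommendation above ("service instability patterns") is concrete enough to turn into a check: a server that is hit by a repeatable-crash denial of service shows up in its own error log as a cluster of crash signatures and restarts in a short window. The following is an added example, not VulDB's, Oracle's or any vendor's tooling: it scans error-log lines for crash and startup signatures and flags bursts of restarts within a configurable window. The log lines are constructed for the example in the MySQL 8 error-log layout (timestamp, thread id, severity, code, subsystem, message); the thresholds, the signature substrings and the function names are this example's own assumptions, to be tuned against a real log before alerting on them.

```python
"""Flag restart bursts and crash signatures in MySQL error-log lines.

Added example; the sample lines below are constructed, not from a real incident.
"""
import re
from datetime import datetime, timedelta

# Constructed sample in the MySQL 8 error-log layout. One normal start in the
# morning, then three crash/restart cycles within a few minutes.
SAMPLE_LOG = """\
2026-01-21T10:00:00.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.40) starting as process 1201
2026-01-21T10:00:01.500000Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections. Version: '8.0.40'
2026-01-21T14:12:07.000000Z 0 [ERROR] [MY-000000] [Server] mysqld got signal 11 ;
2026-01-21T14:12:20.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.40) starting as process 1340
2026-01-21T14:15:02.000000Z 0 [ERROR] [MY-000000] [Server] mysqld got signal 11 ;
2026-01-21T14:15:30.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.40) starting as process 1372
2026-01-21T14:18:44.000000Z 0 [ERROR] [MY-000000] [Server] mysqld got signal 6 ;
2026-01-21T14:19:01.000000Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.40) starting as process 1401
"""

_TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})")
# Assumed signatures: a process start and the crash handler's "got signal" banner.
START_SIG = "starting as process"
CRASH_RE = re.compile(r"mysqld got signal (\d+)")


def parse_events(lines):
    """Yield (timestamp, kind, detail) for lines carrying a signature."""
    for line in lines:
        m = _TS_RE.match(line)
        if not m:
            continue  # untimestamped continuation line (e.g. stack trace); skip
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
        crash = CRASH_RE.search(line)
        if crash:
            yield ts, "crash", "signal %s" % crash.group(1)
        elif START_SIG in line:
            yield ts, "start", line.split(START_SIG)[-1].strip()


def restart_bursts(lines, threshold=3, window=timedelta(minutes=10)):
    """Return [(first_start, last_start, count)] for every run of at least
    `threshold` process starts that fit inside `window`."""
    starts = sorted(ts for ts, kind, _ in parse_events(lines) if kind == "start")
    bursts = []
    i = 0
    while i < len(starts):
        j = i
        while j + 1 < len(starts) and starts[j + 1] - starts[i] <= window:
            j += 1
        if j - i + 1 >= threshold:
            bursts.append((starts[i], starts[j], j - i + 1))
            i = j + 1  # do not report overlapping sub-windows of the same burst
        else:
            i += 1
    return bursts


def crash_signals(lines):
    """Count crash banners per signal number, e.g. {'11': 2, '6': 1}."""
    counts = {}
    for _, kind, detail in parse_events(lines):
        if kind == "crash":
            sig = detail.split()[-1]
            counts[sig] = counts.get(sig, 0) + 1
    return counts


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for first, last, n in restart_bursts(lines):
        print("ALERT: %d restarts between %s and %s" % (n, first, last))
    print("crash signals:", crash_signals(lines))
```

A single restart in a day is routine maintenance; three in seven minutes preceded by crash banners is the "frequently repeatable crash" pattern the record describes and is what the alert should key on. Correlate the burst window with the general or audit log for the DDL statements issued by high-privilege accounts in the same interval, which is also the set of accounts the privilege-management advice above is about.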