MySQL 8.0-8.0.45/8.4-8.4.8/9.0-9.6 Optimizer DoS: CVE-2026-22002 April 2026

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerability Analysis

CVE-2026-22002 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Products Associated with CVE-2026-22002

stack.watch emails you whenever new vulnerabilities are published in Oracle or Oracle MySQL. Just hit a watch button to start following.

MySQL 8.0-8.0.45/8.4-8.4.8/9.0-9.6 Optimizer DoS
CVE-2026-22002 Published on April 21, 2026

Vulnerability Analysis

Products Associated with CVE-2026-22002

Affected Versions

MySQL 8.0-8.0.45/8.4-8.4.8/9.0-9.6 Optimizer DoSCVE-2026-22002 Published on April 21, 2026

Vulnerability Analysis

Products Associated with CVE-2026-22002

Affected Versions

MySQL 8.0-8.0.45/8.4-8.4.8/9.0-9.6 Optimizer DoS
CVE-2026-22002 Published on April 21, 2026