MySQL Server InfoSchema Priv Esc before 8.0.46
CVE-2026-22015 Published on April 21, 2026
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Vulnerability Analysis
CVE-2026-22015 can be exploited with network access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be a small impact on confidentiality, with no impact on integrity or availability, matching the C:L/I:N/A:N components of the CVSS vector above.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2026-22015 has been classified as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2026-22015
Affected Versions
Oracle Corporation MySQL Server:
- Version 8.0.0, <= 8.0.45 is affected.
- Version 8.4.0, <= 8.4.8 is affected.
- Version 9.0.0, <= 9.6.0 is affected.