MySQL Shell Core Client DOS 8.0-45, 8.4-8, 9.0-9.6
CVE-2026-34317 Published on April 21, 2026
Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).
Vulnerability Analysis
CVE-2026-34317 can be exploited with local system access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Improper Resource Shutdown or Release
The program does not release or incorrectly releases a resource before it is made available for re-use. When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.
Products Associated with CVE-2026-34317
stack.watch emails you whenever new vulnerabilities are published in Oracle or Oracle Mysql Shell. Just hit a watch button to start following.
Affected Versions
Oracle Corporation MySQL Shell:- Version 8.0.0, <= 8.0.45 is affected.
- Version 8.4.0, <= 8.4.8 is affected.
- Version 9.0.0, <= 9.6.0 is affected.