CVE-2026-34318: MySQL Shell Prior to 9.6.1 Priv Esc via Core Client
CVE-2026-34318 Published on April 21, 2026
Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Shell. While the vulnerability is in MySQL Shell, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).
Vulnerability Analysis
CVE-2026-34318 is exploitable with network access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2026-34318 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2026-34318
stack.watch emails you whenever new vulnerabilities are published in Oracle or Oracle Mysql Shell. Just hit a watch button to start following.
Affected Versions
Oracle Corporation MySQL Shell:- Version 8.0.0, <= 8.0.45 is affected.
- Version 8.4.0, <= 8.4.8 is affected.
- Version 9.0.0, <= 9.6.0 is affected.