MySQL Shell DoS via CoreClient (8.0-8.0.45, 8.4-8.4.8, 9.0-9.6)
CVE-2026-34319 Published on April 21, 2026
Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).
Vulnerability Analysis
CVE-2026-34319 can be exploited with local system access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Observable Response Discrepancy
The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere. This issue frequently occurs during authentication, where a difference in failed-login messages could allow an attacker to determine if the username is valid or not. These exposures can be inadvertent (bug) or intentional (design).
Products Associated with CVE-2026-34319
stack.watch emails you whenever new vulnerabilities are published in Oracle or Oracle Mysql Shell. Just hit a watch button to start following.
Affected Versions
Oracle Corporation MySQL Shell:- Version 8.0.0, <= 8.0.45 is affected.
- Version 8.4.0, <= 8.4.8 is affected.
- Version 9.0.0, <= 9.6.0 is affected.