CVE-2026-46860
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk39th percentile — higher than 39% of all known CVEs
Summary
Vulnerability in the MySQL Router product of Oracle MySQL allows an unauthenticated attacker with network access via HTTP to compromise MySQL Router. Affected versions are 9.0.0-9.7.0.
Risk Assessment
An attacker can remotely take control of MySQL Router, leading to serious threats to the confidentiality, integrity, and availability of data.
Recommendation
It is recommended to update MySQL Router to the latest version to mitigate this vulnerability and implement appropriate security measures for network access.
Original NVD description (English source)
Vulnerability in the MySQL Router product of Oracle MySQL (component: Router: General). Supported versions that are affected are 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MySQL Router. Successful attacks of this vulnerability can result in takeover of MySQL Router. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

