Scope
The broader MySQL Community Edition product set includes MySQL Server, MySQL Cluster, MySQL Shell, MySQL Workbench, and MySQL Connectors. Based on the affected rows shown in the April 2026 Oracle MySQL Risk Matrix, the MySQL Community Edition products represented on this page are:
MySQL Server
MySQL Cluster
MySQL Shell
MySQL Workbench
How to use this page
- Use the Product column to confirm that the row applies to a Community-distributed component.
- Use Supported Versions Affected as the vulnerable version range, not the fixed version.
- Use the CVE, component, protocol, exploitability, and CVSS columns to determine exposure and severity.
- Use the corresponding MySQL Community release documentation to identify the release that contains the fix.
Summary
MySQL Community Edition rows
32
Affected product families
4
Remote exploitable without auth
2
Enterprise rows not shown here
2
Counts above reflect only the MySQL Community Edition rows represented on this page from the April 2026 Oracle MySQL Risk Matrix.
Affected MySQL Community Edition products and vulnerable version ranges
- MySQL Server: 8.0.0–8.0.45, 8.4.0–8.4.8, 9.0.0–9.6.0
- MySQL Workbench: 8.0.0–8.0.46
- MySQL Cluster: 8.0.0–8.0.44, 8.4.0–8.4.7, 9.0.0–9.5.0
- MySQL Shell: 8.0.0–8.0.45, 8.4.0–8.4.8, 9.0.0–9.6.0
MySQL Community Edition vulnerability details
| CVE | Product | Component | Protocol | Remote without Auth | CVSS | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|
| CVE-2025-15467 | MySQL Server | Server: Packaging (OpenSSL) | MySQL Protocol | Yes | 9.8 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2025-15467 | MySQL Workbench | MySQL Workbench (OpenSSL) | MySQL Workbench | Yes | 9.8 | 8.0.0-8.0.46 | |
| CVE-2026-34270 | MySQL Server | Server: Group Replication Plugin | MySQL Protocol | No | 6.5 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-34271 | MySQL Server | Server: Group Replication Plugin | MySQL Protocol | No | 6.5 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-34276 | MySQL Server | Server: Group Replication Plugin | MySQL Protocol | No | 6.5 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-34308 | MySQL Server | Server: JSON | MySQL Protocol | No | 6.5 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-22009 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 6.5 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-22017 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 6.5 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-34272 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 6.5 | 9.0.0-9.6.0 | |
| CVE-2026-34303 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 6.5 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2025-14017 | MySQL Server | Server: Packaging (curl) | None | No | 6.3 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | Patch also addresses CVE-2025-13034, CVE-2025-14524, CVE-2025-14819, CVE-2025-15079, and CVE-2025-15224. |
| CVE-2026-34318 | MySQL Shell | Shell: Core Client | Multiple | No | 5.8 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2025-5318 | MySQL Cluster | Cluster: General (libssh) | Multiple | No | 5.4 | 8.0.0-8.0.44, 8.4.0-8.4.7, 9.0.0-9.5.0 | Patch also addresses CVE-2025-4877, CVE-2025-4878, CVE-2025-5351, CVE-2025-5372, CVE-2025-5449, and CVE-2025-5987. |
| CVE-2026-34317 | MySQL Shell | Shell: Core Client | None | No | 5.0 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-34319 | MySQL Shell | Shell: Core Client | None | No | 5.0 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-22004 | MySQL Server | InnoDB | MySQL Protocol | No | 4.9 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-34304 | MySQL Server | InnoDB | MySQL Protocol | No | 4.9 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-35236 | MySQL Server | InnoDB | MySQL Protocol | No | 4.9 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-35237 | MySQL Server | InnoDB | MySQL Protocol | No | 4.9 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-35238 | MySQL Server | InnoDB | MySQL Protocol | No | 4.9 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-34293 | MySQL Server | Server: DML | MySQL Protocol | No | 4.9 | 8.0.0-8.0.45 | |
| CVE-2026-35239 | MySQL Server | Server: DML | MySQL Protocol | No | 4.9 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-35235 | MySQL Server | Server: GIS | MySQL Protocol | No | 4.9 | 9.0.0-9.6.0 | |
| CVE-2026-21998 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 4.9 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-22005 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 4.9 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-22002 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 4.9 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-34267 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 4.9 | 8.0.0-8.0.45 | |
| CVE-2026-34278 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 4.9 | 8.0.0-8.0.45 | |
| CVE-2026-35240 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 4.9 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-35234 | MySQL Server | Server: Partition | MySQL Protocol | No | 4.9 | 9.0.0-9.6.0 | |
| CVE-2026-22015 | MySQL Server | Server: Information Schema | MySQL Protocol | No | 4.3 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 | |
| CVE-2026-22001 | MySQL Server | Server: Information Schema | MySQL Protocol | No | 2.7 | 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 |