Scope
The broader MySQL Community Edition product set includes MySQL Server, MySQL Cluster, MySQL Shell, MySQL Router, MySQL NDB Cluster, MySQL Workbench, and MySQL Connectors. Based on the affected rows shown in the June 2026 Oracle MySQL Risk Matrix, the MySQL Community Edition products represented on this page are:
MySQL Server
MySQL Cluster
MySQL NDB Cluster
MySQL Router
MySQL Shell
How to use this page
- Use the Product column to confirm that the row applies to a Community-distributed component.
- Use Supported Versions Affected as the vulnerable version range, not the fixed version.
- Use the CVE, component, protocol, exploitability, and CVSS columns to determine exposure and severity.
- Use the corresponding MySQL Community release documentation to identify the release that contains the fix.
Summary
MySQL Community Edition rows
8
Affected product families
5
Remote exploitable without auth
4
Highest CVSS base score
9.9
Counts above reflect only the MySQL Community Edition rows represented on this page from the June 2026 Oracle MySQL Risk Matrix.
Affected MySQL Community Edition products and vulnerable version ranges
- MySQL Shell: 8.4.0-8.4.9, 9.0.0-9.7.0; Shell for VS Code: 2026.5.0+9.7.0
- MySQL Router: 8.4.0-8.4.9, 9.0.0-9.7.0
- MySQL NDB Cluster: 8.0.11-8.0.46, 8.4.0-8.4.9, 9.0.0-9.7.0
- MySQL Server: 8.4.0-8.4.9, 9.0.0-9.7.0
- MySQL Cluster: 8.0.11-8.0.46, 8.4.0-8.4.9, 9.0.0-9.7.0
MySQL Community Edition vulnerability details
| CVE ID | Product | Component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2026-46850 39274242 |
MySQL Shell | Shell for VS Code | HTTP | No | 9.9 | Network | Low | Low | None | Changed | High | High | High | 2026.5.0+9.7.0 | |
| CVE-2026-46860 39361224 |
MySQL Router | Router: General | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 9.0.0-9.7.0 | |
| CVE-2026-46861 39310827 |
MySQL NDB Cluster | Cluster: NDB Operator | HTTP | No | 9.6 | Network | Low | Low | None | Changed | High | High | None | 8.0.11-8.0.46, 8.4.0-8.4.9, 9.0.0-9.7.0 | |
| CVE-2026-46870 39247269 |
MySQL Shell | Shell for VS Code | MySQL Protocol | No | 8.5 | Network | High | Low | None | Changed | High | High | High | 2026.5.0+9.7.0 | |
| CVE-2026-46862 39204635 |
MySQL Router | Router: General | TLS | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 8.4.0-8.4.9, 9.0.0-9.7.0 | |
| CVE-2026-46863 39116965 |
MySQL Server, MySQL Cluster | Server: Connection Handling | MySQL Protocol | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | MySQL Server: 8.4.0-8.4.9, 9.0.0-9.7.0; MySQL Cluster: 8.0.11-8.0.46, 8.4.0-8.4.9, 9.0.0-9.7.0 | |
| CVE-2026-46871 39253274 |
MySQL Shell | Shell for VS Code | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | High | None | None | 2026.5.0+9.7.0 | |
| CVE-2026-46869 39250506 |
MySQL Shell | Shell: Dump and Load | MySQL Protocol | Yes | 6.5 | Network | Low | None | Required | Unchanged | High | None | None | 8.4.0-8.4.9, 9.0.0-9.7.0 |