Planned Fix

CVE-2026-3547

DoS in MySQL Server Pluggable Authentication

Summary

A denial-of-service vulnerability in the Pluggable Authentication component of Oracle MySQL Server affects versions 9.0.0 to 9.5.0. The flaw can be triggered by a high-privileged attacker with network access, causing partial outages of MySQL Server. There is no confidentiality or integrity impact; patches are available via Oracle's January 2026 Critical Patch Update (CPU). Tracked as CVE-2026-3547 / EUVD-2026-3547.

Why Planned Fix?

1/6
  • Authentication required
  • Deployment unknown
  • No user interaction needed
  • Not exploitable in default configuration
  • No active exploitation or PoC
  • Not a high impact vulnerability

Exploitation Details

Type: Unknown
Is exploitable with default configuration? No
Is authentication needed? Yes
PoC / Exploit: No

Impact

Partial denial of service of MySQL Server; attacker with high privileges and network access can cause availability disruption.

Exploitation Requirements

  • Authentication required
  • High-privilege credentials
  • Network access to affected MySQL Server
  • Access to the Pluggable Authentication component
  • Target version 9.0.0-9.5.0

Exploitation Process

Exploitation would involve a high-privilege user with network access crafting inputs to trigger resource exhaustion in the Pluggable Auth module of MySQL Server, resulting in partial service disruption. Public PoCs have not been reported.

Detection Resources

Manual Detection: 0
Script Detection: 0
Scanner Detection: 0

Affected Software

Vendor: Oracle
Product: MySQL Server
Affected Versions: 9.0.0-9.5.0

Description

MySQL Server is an open-source relational database management system developed by Oracle that supports SQL-based data storage and retrieval; widely used in enterprise environments.

Deployment:
Protocol: TCP
Ports: 3306

Affected Component: MySQL Server Pluggable Authentication component (Pluggable Auth)

Affected Endpoints (1): https://dev.mysql.com/doc/mysql-8.0-en/pluggable-authentication.html
Enterprise Usage: Estimated likelihood that this vendor/product is deployed in enterprise environments. AI-generated estimation based on market presence, product type and adoption signals; not exact data.
Vendor Size: Big

Remediation
Workaround

Not available

Patch

Not available

Update

Not available

Threat Intelligence
EPSS Score: 0.1% (probability of exploitation in the next 30 days)
EPSS Percentile: 15% (worse than 15% of all CVEs)
CISA KEV: Not Listed
Active Exploitation: No Evidence
Threat Actors

No known threat actors

Detection Rules

No detection rules available

NVD Data


Description Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts).

CVSS Base Score

2.7
Low

CVSS Vector (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)

  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): High
  • User Interaction (UI): None
  • Scope (S): Unchanged
  • Confidentiality (C): None
  • Integrity (I): None
  • Availability (A): Low

CWE:
Version From: 9.0.0
Version Upto: 9.5.0

Affected Software (CPE) (1)

  • cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*

Priority History

Planned Fix

Initial analysis