VDB
CVE-2026-21929
CVE-2026-21929
PUBLISHED
CVSS 5.300000190734863 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 9.0.0-9.5.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
EPSS 0.07% · 21.3th percentile
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.07%
21.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle Corporation | MySQL Server | 9.0.0 |
| oracle | mysql_server | 9.0.0, 9.0.0 |
Exploit Intelligence
- CIRCL seen: CVE-2026-21929 (circl-sighting)
- Oracle Advisory (circl)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
…and 4 more exploits
Timeline
- CVE Published
- Jan 21, 2026 EPSS Score
- Jan 21, 2026 PoC Published
- Jan 24, 2026 EPSS Score
- Jan 26, 2026 EPSS Score
- Jan 29, 2026 EPSS Score
- Feb 1, 2026 EPSS Score
- Feb 4, 2026 EPSS Score
- Feb 6, 2026 EPSS Score
- Feb 9, 2026 EPSS Score
- Feb 12, 2026 EPSS Score
- Feb 15, 2026 EPSS Score
References
- Oracle Advisory vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-21929 advisory