VDB
CVE-2026-21965
CVE-2026-21965
PUBLISHED
CVSS 2.700000047683716 LOW
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
EPSS 0.06% · 19.9th percentile
Risk Scores
CVSS 3.1
2.700000047683716
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.06%
19.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oracle | mysql_server | 9.0.0, 9.0.0 |
| Oracle Corporation | MySQL Server | 9.0.0 |
Exploit Intelligence
- CIRCL seen: CVE-2026-21965 (circl-sighting)
- Oracle Advisory (circl)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
…and 4 more exploits
Timeline
- CVE Published
- Jan 21, 2026 EPSS Score
- Jan 21, 2026 PoC Published
- Jan 24, 2026 EPSS Score
- Jan 26, 2026 EPSS Score
- Jan 29, 2026 EPSS Score
- Feb 1, 2026 EPSS Score
- Feb 4, 2026 EPSS Score
- Feb 6, 2026 EPSS Score
- Feb 9, 2026 EPSS Score
- Feb 12, 2026 EPSS Score
- Feb 15, 2026 EPSS Score