CVE Vulnerabilities

CVE-2026-34317

Improper Resource Shutdown or Release

Published: Apr 21, 2026 | Modified: May 05, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).

Weakness

The product does not release or incorrectly releases a resource before it is made available for re-use.

Affected Software

NameVendorStart VersionEnd Version
MysqlOracle8.0.0 (including)8.0.45 (including)
MysqlOracle8.4.0 (including)8.4.8 (including)
MysqlOracle9.0.0 (including)9.6.0 (including)
Mariadb-10.3Ubuntuesm-apps/focal*
Mysql-5.5Ubuntuesm-infra-legacy/trusty*
Mysql-5.7Ubuntuesm-infra-legacy/xenial*
Mysql-5.7Ubuntuesm-infra/bionic*
Mysql-5.7Ubuntuesm-infra/xenial*
Mysql-8.0Ubuntuesm-infra/focal*
Mysql-8.0Ubuntujammy*
Mysql-8.0Ubuntunoble*
Mysql-8.0Ubuntuupstream*
Mysql-8.4Ubuntudevel*
Mysql-8.4Ubuntuquesting*
Mysql-8.4Ubunturesolute*
Mysql-8.4Ubuntuupstream*
Percona-server-5.6Ubuntuesm-apps/xenial*
Percona-xtradb-cluster-5.6Ubuntuesm-apps/xenial*

Potential Mitigations

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.

References