CVE-2026-22001 Affecting mysql:8.0/mysql-server package, versions <0:8.0.46-1.module_el8.10.0+4192+724bc664


Severity

Recommended
medium

Based on AlmaLinux security rating.

Threat Intelligence

EPSS
0.26% (18th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ALMALINUX8-MYSQL-17353671
  • published17 Jun 2026
  • disclosed16 Jun 2026

Introduced: 16 Jun 2026

NewCVE-2026-22001  (opens in a new tab)

How to fix?

Upgrade AlmaLinux:8 mysql:8.0/mysql-server to version 0:8.0.46-1.module_el8.10.0+4192+724bc664 or higher.
This issue was patched in ALSA-2026:25919.

NVD Description

Note: Versions mentioned in the description apply only to the upstream mysql:8.0/mysql-server package and not the mysql:8.0/mysql-server package as distributed by AlmaLinux. See How to fix? for AlmaLinux:8 relevant fixed versions and status.

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).

CVSS Base Scores

version 3.1