CVE-2026-22015 Affecting mysql-devel package, versions <0:8.0.46-1.el9_8


Severity

Recommended
0.0
medium
0
10

Based on Oracle Linux security rating.

Threat Intelligence

EPSS
0.24% (16th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ORACLE9-MYSQLDEVEL-17576465
  • published26 Jun 2026
  • disclosed21 Apr 2026

Introduced: 21 Apr 2026

CVE-2026-22015  (opens in a new tab)

How to fix?

Upgrade Oracle:9 mysql-devel to version 0:8.0.46-1.el9_8 or higher.
This issue was patched in ELSA-2026-23332.

NVD Description

Note: Versions mentioned in the description apply only to the upstream mysql-devel package and not the mysql-devel package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CVSS Base Scores

version 3.1