An update for mysql is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1196 Final 1.0 1.0 2026-01-23 Initial 2026-01-23 2026-01-23 openEuler SA Tool V1.0 2026-01-23 mysql security update An update for mysql is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4 MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. %if Security Fix(es): Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2026-21936) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2026-21937) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2026-21941) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2026-21948) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).(CVE-2026-21964) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).(CVE-2026-21968) An update for mysql is now available for openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium mysql https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1196 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-21936 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-21937 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-21941 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-21948 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-21964 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-21968 https://nvd.nist.gov/vuln/detail/CVE-2026-21936 https://nvd.nist.gov/vuln/detail/CVE-2026-21937 https://nvd.nist.gov/vuln/detail/CVE-2026-21941 https://nvd.nist.gov/vuln/detail/CVE-2026-21948 https://nvd.nist.gov/vuln/detail/CVE-2026-21964 https://nvd.nist.gov/vuln/detail/CVE-2026-21968 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 mysql-8.0.45-1.oe2203sp4.src.rpm mysql-8.0.45-1.oe2403.src.rpm mysql-8.0.45-1.oe2403sp1.src.rpm mysql-8.0.45-1.oe2403sp2.src.rpm mysql-8.0.45-1.oe2403sp3.src.rpm mysql-8.0.45-1.oe2003sp4.src.rpm mysql-8.0.45-1.oe2203sp4.x86_64.rpm mysql-common-8.0.45-1.oe2203sp4.x86_64.rpm mysql-config-8.0.45-1.oe2203sp4.x86_64.rpm mysql-debuginfo-8.0.45-1.oe2203sp4.x86_64.rpm mysql-debugsource-8.0.45-1.oe2203sp4.x86_64.rpm mysql-devel-8.0.45-1.oe2203sp4.x86_64.rpm mysql-errmsg-8.0.45-1.oe2203sp4.x86_64.rpm mysql-help-8.0.45-1.oe2203sp4.x86_64.rpm mysql-libs-8.0.45-1.oe2203sp4.x86_64.rpm mysql-server-8.0.45-1.oe2203sp4.x86_64.rpm mysql-test-8.0.45-1.oe2203sp4.x86_64.rpm mysql-8.0.45-1.oe2403.x86_64.rpm mysql-common-8.0.45-1.oe2403.x86_64.rpm mysql-config-8.0.45-1.oe2403.x86_64.rpm mysql-debuginfo-8.0.45-1.oe2403.x86_64.rpm mysql-debugsource-8.0.45-1.oe2403.x86_64.rpm mysql-devel-8.0.45-1.oe2403.x86_64.rpm mysql-errmsg-8.0.45-1.oe2403.x86_64.rpm mysql-help-8.0.45-1.oe2403.x86_64.rpm mysql-libs-8.0.45-1.oe2403.x86_64.rpm mysql-server-8.0.45-1.oe2403.x86_64.rpm mysql-test-8.0.45-1.oe2403.x86_64.rpm mysql-8.0.45-1.oe2403sp1.x86_64.rpm mysql-common-8.0.45-1.oe2403sp1.x86_64.rpm mysql-config-8.0.45-1.oe2403sp1.x86_64.rpm mysql-debuginfo-8.0.45-1.oe2403sp1.x86_64.rpm mysql-debugsource-8.0.45-1.oe2403sp1.x86_64.rpm mysql-devel-8.0.45-1.oe2403sp1.x86_64.rpm mysql-errmsg-8.0.45-1.oe2403sp1.x86_64.rpm mysql-help-8.0.45-1.oe2403sp1.x86_64.rpm mysql-libs-8.0.45-1.oe2403sp1.x86_64.rpm mysql-server-8.0.45-1.oe2403sp1.x86_64.rpm mysql-test-8.0.45-1.oe2403sp1.x86_64.rpm mysql-8.0.45-1.oe2403sp2.x86_64.rpm mysql-common-8.0.45-1.oe2403sp2.x86_64.rpm mysql-config-8.0.45-1.oe2403sp2.x86_64.rpm mysql-debuginfo-8.0.45-1.oe2403sp2.x86_64.rpm mysql-debugsource-8.0.45-1.oe2403sp2.x86_64.rpm mysql-devel-8.0.45-1.oe2403sp2.x86_64.rpm mysql-errmsg-8.0.45-1.oe2403sp2.x86_64.rpm mysql-help-8.0.45-1.oe2403sp2.x86_64.rpm mysql-libs-8.0.45-1.oe2403sp2.x86_64.rpm mysql-server-8.0.45-1.oe2403sp2.x86_64.rpm mysql-test-8.0.45-1.oe2403sp2.x86_64.rpm mysql-8.0.45-1.oe2403sp3.x86_64.rpm mysql-common-8.0.45-1.oe2403sp3.x86_64.rpm mysql-config-8.0.45-1.oe2403sp3.x86_64.rpm mysql-debuginfo-8.0.45-1.oe2403sp3.x86_64.rpm mysql-debugsource-8.0.45-1.oe2403sp3.x86_64.rpm mysql-devel-8.0.45-1.oe2403sp3.x86_64.rpm mysql-errmsg-8.0.45-1.oe2403sp3.x86_64.rpm mysql-help-8.0.45-1.oe2403sp3.x86_64.rpm mysql-libs-8.0.45-1.oe2403sp3.x86_64.rpm mysql-server-8.0.45-1.oe2403sp3.x86_64.rpm mysql-test-8.0.45-1.oe2403sp3.x86_64.rpm mysql-8.0.45-1.oe2003sp4.x86_64.rpm mysql-common-8.0.45-1.oe2003sp4.x86_64.rpm mysql-config-8.0.45-1.oe2003sp4.x86_64.rpm mysql-debuginfo-8.0.45-1.oe2003sp4.x86_64.rpm mysql-debugsource-8.0.45-1.oe2003sp4.x86_64.rpm mysql-devel-8.0.45-1.oe2003sp4.x86_64.rpm mysql-errmsg-8.0.45-1.oe2003sp4.x86_64.rpm mysql-help-8.0.45-1.oe2003sp4.x86_64.rpm mysql-libs-8.0.45-1.oe2003sp4.x86_64.rpm mysql-server-8.0.45-1.oe2003sp4.x86_64.rpm mysql-test-8.0.45-1.oe2003sp4.x86_64.rpm mysql-8.0.45-1.oe2203sp4.aarch64.rpm mysql-common-8.0.45-1.oe2203sp4.aarch64.rpm mysql-config-8.0.45-1.oe2203sp4.aarch64.rpm mysql-debuginfo-8.0.45-1.oe2203sp4.aarch64.rpm mysql-debugsource-8.0.45-1.oe2203sp4.aarch64.rpm mysql-devel-8.0.45-1.oe2203sp4.aarch64.rpm mysql-errmsg-8.0.45-1.oe2203sp4.aarch64.rpm mysql-help-8.0.45-1.oe2203sp4.aarch64.rpm mysql-libs-8.0.45-1.oe2203sp4.aarch64.rpm mysql-server-8.0.45-1.oe2203sp4.aarch64.rpm mysql-test-8.0.45-1.oe2203sp4.aarch64.rpm mysql-8.0.45-1.oe2403.aarch64.rpm mysql-common-8.0.45-1.oe2403.aarch64.rpm mysql-config-8.0.45-1.oe2403.aarch64.rpm mysql-debuginfo-8.0.45-1.oe2403.aarch64.rpm mysql-debugsource-8.0.45-1.oe2403.aarch64.rpm mysql-devel-8.0.45-1.oe2403.aarch64.rpm mysql-errmsg-8.0.45-1.oe2403.aarch64.rpm mysql-help-8.0.45-1.oe2403.aarch64.rpm mysql-libs-8.0.45-1.oe2403.aarch64.rpm mysql-server-8.0.45-1.oe2403.aarch64.rpm mysql-test-8.0.45-1.oe2403.aarch64.rpm mysql-8.0.45-1.oe2403sp1.aarch64.rpm mysql-common-8.0.45-1.oe2403sp1.aarch64.rpm mysql-config-8.0.45-1.oe2403sp1.aarch64.rpm mysql-debuginfo-8.0.45-1.oe2403sp1.aarch64.rpm mysql-debugsource-8.0.45-1.oe2403sp1.aarch64.rpm mysql-devel-8.0.45-1.oe2403sp1.aarch64.rpm mysql-errmsg-8.0.45-1.oe2403sp1.aarch64.rpm mysql-help-8.0.45-1.oe2403sp1.aarch64.rpm mysql-libs-8.0.45-1.oe2403sp1.aarch64.rpm mysql-server-8.0.45-1.oe2403sp1.aarch64.rpm mysql-test-8.0.45-1.oe2403sp1.aarch64.rpm mysql-8.0.45-1.oe2403sp2.aarch64.rpm mysql-common-8.0.45-1.oe2403sp2.aarch64.rpm mysql-config-8.0.45-1.oe2403sp2.aarch64.rpm mysql-debuginfo-8.0.45-1.oe2403sp2.aarch64.rpm mysql-debugsource-8.0.45-1.oe2403sp2.aarch64.rpm mysql-devel-8.0.45-1.oe2403sp2.aarch64.rpm mysql-errmsg-8.0.45-1.oe2403sp2.aarch64.rpm mysql-help-8.0.45-1.oe2403sp2.aarch64.rpm mysql-libs-8.0.45-1.oe2403sp2.aarch64.rpm mysql-server-8.0.45-1.oe2403sp2.aarch64.rpm mysql-test-8.0.45-1.oe2403sp2.aarch64.rpm mysql-8.0.45-1.oe2403sp3.aarch64.rpm mysql-common-8.0.45-1.oe2403sp3.aarch64.rpm mysql-config-8.0.45-1.oe2403sp3.aarch64.rpm mysql-debuginfo-8.0.45-1.oe2403sp3.aarch64.rpm mysql-debugsource-8.0.45-1.oe2403sp3.aarch64.rpm mysql-devel-8.0.45-1.oe2403sp3.aarch64.rpm mysql-errmsg-8.0.45-1.oe2403sp3.aarch64.rpm mysql-help-8.0.45-1.oe2403sp3.aarch64.rpm mysql-libs-8.0.45-1.oe2403sp3.aarch64.rpm mysql-server-8.0.45-1.oe2403sp3.aarch64.rpm mysql-test-8.0.45-1.oe2403sp3.aarch64.rpm mysql-8.0.45-1.oe2003sp4.aarch64.rpm mysql-common-8.0.45-1.oe2003sp4.aarch64.rpm mysql-config-8.0.45-1.oe2003sp4.aarch64.rpm mysql-debuginfo-8.0.45-1.oe2003sp4.aarch64.rpm mysql-debugsource-8.0.45-1.oe2003sp4.aarch64.rpm mysql-devel-8.0.45-1.oe2003sp4.aarch64.rpm mysql-errmsg-8.0.45-1.oe2003sp4.aarch64.rpm mysql-help-8.0.45-1.oe2003sp4.aarch64.rpm mysql-libs-8.0.45-1.oe2003sp4.aarch64.rpm mysql-server-8.0.45-1.oe2003sp4.aarch64.rpm mysql-test-8.0.45-1.oe2003sp4.aarch64.rpm Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2026-01-23 CVE-2026-21936 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2026-01-23 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1196 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2026-01-23 CVE-2026-21937 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2026-01-23 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1196 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2026-01-23 CVE-2026-21941 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2026-01-23 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1196 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2026-01-23 CVE-2026-21948 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2026-01-23 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1196 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 2026-01-23 CVE-2026-21964 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 Medium 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H mysql security update 2026-01-23 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1196 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). 2026-01-23 CVE-2026-21968 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-24.03-LTS-SP3 openEuler-20.03-LTS-SP4 Medium 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H mysql security update 2026-01-23 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1196