{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-46860: Vulnerability in the MySQL Router product of Oracle MySQL (component: Router: General)","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-46860","status":"final","version":"1","initial_release_date":"2026-06-16T19:27:34.943Z","current_release_date":"2026-06-16T19:27:34.943Z","revision_history":[{"date":"2026-06-16T19:27:34.943Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"Vulnerability in the MySQL Router product of Oracle MySQL (component: Router: General).  Supported versions that are affected are 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MySQL Router.  Successful attacks of this vulnerability can result in takeover of MySQL Router. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-46860 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-46860"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-46860"},{"category":"external","summary":"Oracle Advisory","url":"https://www.oracle.com/security-alerts/cspujun2026.html"}]},"product_tree":{"branches":[{"category":"vendor","name":"Oracle Corporation","branches":[{"category":"product_name","name":"MySQL Router","branches":[{"category":"product_version_range","name":">=9.0.0 <=9.7.0","product":{"name":"Oracle Corporation MySQL Router >=9.0.0 <=9.7.0","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:oracle_corporation:mysql_router:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-46860","title":"Vulnerability in the MySQL Router product of Oracle MySQL (component: Router: General)","notes":[{"category":"description","text":"Vulnerability in the MySQL Router product of Oracle MySQL (component: Router: General).  Supported versions that are affected are 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MySQL Router.  Successful attacks of this vulnerability can result in takeover of MySQL Router. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1"]},"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL"},"products":["CSAFPID-1"]}],"remediations":[{"category":"none_available","details":"No fixed version is published yet. Monitor the upstream advisory.","product_ids":["CSAFPID-1"]}]}]}