CVE-2026-21937
Description
RHSA-2026:6391: mysql:8.4 security update (Moderate)
Description
mysql: DDL unspecified vulnerability (CPU Jan 2026)
Red Hat statement
Red Hat Product Security rates the severity of this flaw as determined by the Oracle MySQL Critical Patch Update.
CVSS v3: 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 10 | mysql8.4-0:8.4.8-1.el10_1 | RHSA-2026:4162 | 2026-03-10T00:00:00Z |
| Red Hat Enterprise Linux 8 | mysql:8.0-8100020260223150324.489197e6 | RHSA-2026:5580 | 2026-03-24T00:00:00Z |
| Red Hat Enterprise Linux 8 | mysql:8.4-8100020260219114250.489197e6 | RHSA-2026:6391 | 2026-04-01T00:00:00Z |
| Red Hat Enterprise Linux 9 | mysql-0:8.0.45-1.el9_7 | RHSA-2026:4828 | 2026-03-17T00:00:00Z |
| Red Hat Enterprise Linux 9 | mysql:8.4-9070020260313201256.rhel9 | RHSA-2026:5640 | 2026-03-24T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | mysql | Not affected |
Apply commands
# Package names per the errata table: mysql (RHEL 8/9), mysql8.4 (RHEL 10)
yum update -y 'mysql*'
# or:
dnf upgrade -y 'mysql*'
Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 6 | Not affected |
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rocky | 8 | fixed | |
| rhel | 9 | fixed | |
| sles | | affected | |
| rocky | 9 | fixed | |
| debian | sid | fixed | 8.0.45-1 |
| almalinux | 9 | fixed | mysql-test-8.4.8-1.module_el9.7.0+219+aca48cd3.aarch64.rpm |
| almalinux | 8 | fixed | mysql-devel-8.0.45-1.module_el8.10.0+4142+0b28b031.aarch64.rpm |
| rhel | 8 | fixed | |
References
- https://errata.rockylinux.org/RLSA-2026:6391
- https://errata.rockylinux.org/RLSA-2026:5580
- https://access.redhat.com/errata/RHSA-2026:4828
- https://access.redhat.com/errata/RHSA-2026:5640
- https://www.suse.com/security/cve/CVE-2026-21937.html
- https://errata.rockylinux.org/RLSA-2026:5640
- https://errata.rockylinux.org/RLSA-2026:4828
- https://security-tracker.debian.org/tracker/CVE-2026-21937
- https://access.redhat.com/errata/RHSA-2026:6391
- https://bugzilla.redhat.com/2431384
- https://bugzilla.redhat.com/2431385
- https://bugzilla.redhat.com/2431402
- https://bugzilla.redhat.com/2431409
- https://bugzilla.redhat.com/2431413
- https://bugzilla.redhat.com/2431431
- https://errata.almalinux.org/8/ALSA-2026-6391.html
- https://access.redhat.com/errata/RHSA-2026:5580
- https://errata.almalinux.org/8/ALSA-2026-5580.html
- https://errata.almalinux.org/9/ALSA-2026-5640.html
- https://errata.almalinux.org/9/ALSA-2026-4828.html