What is CVE-2021-35610?

A high-severity vulnerability has been identified in Oracle MySQL Server, affecting versions 8.0.26 and prior. This vulnerability allows unauthorized access that can lead to a denial of service. Organizations should prioritize patching immediately to mitigate risk.

What is the severity of CVE-2021-35610?

CVE-2021-35610 has a severity rating of HIGH with a CVSS base score of 7.1.

CVE-2021-35610 | High Vulnerability in Oracle MySQL Server

CVE-2021-35610 is a high-severity vulnerability classified under CVSS 3.1 with a base score of 7.1. This vulnerability allows low privileged attackers with network access via multiple protocols to compromise the Oracle MySQL Server product. The affected versions include 8.0.26 and earlier. Successful exploitation can lead to unauthorized updates, inserts, or deletions of MySQL Server accessible data, as well as the potential to cause a denial of service (DoS) through server hangs or crashes.

Organizations using Oracle MySQL Server should take immediate action. With the potential for significant impact on availability and integrity, it is crucial to assess the risk and prioritize patching. The vulnerability's exploitation status indicates that it is easily exploitable, raising the urgency for defenders.

Risk to organizations includes the ability for attackers to execute unauthorized actions, which can compromise data integrity and availability. The CVSS vector indicates a network attack vector with low complexity and no user interaction required, further emphasizing the need for swift remediation.

Given these risks, organizations should address this vulnerability in their priority patch cycle. The October 2021 critical patch update from Oracle addresses this issue, and it is recommended that all organizations upgrade to the latest version to protect against potential exploits.

Vulnerability Details

The vulnerability in the MySQL Server product of Oracle MySQL is categorized under the component 'Server: Optimizer'. The CVSS score of 7.1 indicates a high severity level. The official description states that the vulnerability can allow a low privileged attacker to compromise the MySQL Server through unauthorized access. The vulnerability was published on October 20, 2021.

Technical Analysis

The root cause of CVE-2021-35610 is linked to the MySQL Server's optimizer component, where low privileged attackers can exploit this flaw. The attack vector is network-based, and the complexity is low, requiring no user interaction. This vulnerability results in low integrity impact and high availability impact, making it critical for organizations to address.

Risk & Impact Analysis

The potential impact of this vulnerability in real-world deployment scenarios is significant. Attackers could leverage this vulnerability to disrupt MySQL operations, leading to downtime and loss of service. Organizations that rely on MySQL for critical applications could face severe operational challenges due to this vulnerability. The urgency for remediation is underscored by its CVSS score of 7.1, indicating a high likelihood of exploitation.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerable versions of MySQL Server include all versions prior to 8.0.27. This includes 8.0.26 and earlier versions. Organizations utilizing these versions should take immediate action to mitigate risks associated with this vulnerability.

Mitigation & Remediation

Organizations should prioritize patching to the latest version of MySQL Server to mitigate this vulnerability. Further recommendations include implementing monitoring for unauthorized access attempts and reviewing configurations to ensure only necessary access is granted. For additional resources on effective security measures, organizations can explore penetration testing services to identify vulnerabilities.

Detection Guidance

To detect potential exploitation of this vulnerability, organizations should monitor logs for unusual access patterns, including repeated failed login attempts and unauthorized data modifications. Behavioral anomalies in MySQL operations should be flagged for further investigation.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2021-35610 highlights the ongoing need for robust security measures within database management systems. Organizations must remain vigilant against vulnerabilities that can lead to significant operational disruptions. This vulnerability serves as a reminder of the importance of regular security assessments and updates. For further insights on security practices, organizations can refer to vulnerability management program design and penetration testing methodology resources.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2021-35610: High Vulnerability in Oracle MySQL Server