CVE-2021-2471
Description
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A high-privileged attacker can read sensitive data or cause a denial of service in MySQL Connector/J 8.0.26 and prior via network access.
Vulnerability
A vulnerability exists in the MySQL Connector/J component of Oracle MySQL, affecting versions 8.0.26 and prior. The issue is difficult to exploit and requires a high-privileged attacker with network access via multiple protocols. The exact mechanism is not publicly detailed, but it can lead to unauthorized data access and denial of service [1].
Exploitation
An attacker must have high privileges and network access to the systems using the vulnerable Connector/J version. The attack complexity is high, meaning special conditions or chained exploits likely are needed. The attacker can use multiple protocols to compromise the connector [1].
Impact
Successful exploitation results in unauthorized access to all data accessible by MySQL Connectors (high confidentiality impact) and the ability to cause a hang or regularly repeatable crash (complete denial of service, high availability impact). Integrity is not affected [1].
Mitigation
Oracle has not released a fix as of the publication date. Affected users should monitor Oracle's Critical Patch Update advisory for a future patch. No workaround or mitigation is disclosed in the available references [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mysql:mysql-connector-javaMaven | >= 8.0.0, < 8.0.27 | 8.0.27 |
Affected products
10- ghsa-coords9 versionspkg:maven/mysql/mysql-connector-javapkg:rpm/opensuse/mysql-connector-java&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/mysql-connector-java&distro=openSUSE%20Tumbleweedpkg:rpm/suse/mysql-connector-java&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/mysql-connector-java&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/mysql-connector-java&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/mysql-connector-java&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/mysql-connector-java&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/mysql-connector-java&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
>= 8.0.0, < 8.0.27+ 8 more
- (no CPE)range: >= 8.0.0, < 8.0.27
- (no CPE)range: < 5.1.47-3.6.1
- (no CPE)range: < 8.0.28-1.1
- (no CPE)range: < 8.0.25-5.13.1
- (no CPE)range: < 8.0.25-5.13.1
- (no CPE)range: < 8.0.25-5.13.1
- (no CPE)range: < 8.0.25-5.13.1
- (no CPE)range: < 8.0.25-5.13.1
- (no CPE)range: < 8.0.25-5.13.1
- Oracle Corporation/MySQL Connectorsv5Range: 8.0.26 and prior
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-w6f2-8wx4-47r5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-2471ghsaADVISORY
- www.oracle.com/security-alerts/cpuapr2022.htmlghsax_refsource_MISCWEB
- www.oracle.com/security-alerts/cpuoct2021.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.