Low severity3.7NVD Advisory· Published May 11, 2026· Updated May 13, 2026
CVE-2026-8276
CVE-2026-8276
Description
A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit has been published and may be used. This patch is called 0eaa375c5e5446bfba94a290eff92967a5deac9e. It is advisable to implement a patch to correct this issue.
Affected products
1Patches
10eaa375c5e54Merge pull request #1266 from bettercap/copilot/fix-mysql-server-crash
1 file changed · +7 −2
modules/mysql_server/mysql_server.go+7 −2 modified@@ -121,15 +121,20 @@ func (mod *MySQLServer) Start() error { if _, err := conn.Write(packets.MySQLGreeting); err != nil { mod.Warning("error while writing server greeting: %s", err) continue - } else if _, err = reader.Read(readBuffer); err != nil { + } else if read, err = reader.Read(readBuffer); err != nil { mod.Warning("error while reading client message: %s", err) continue } + if read < 37 { + mod.Warning("client handshake too short (%d bytes)", read) + continue + } + // parse client capabilities and validate connection // TODO: parse mysql connections properly and // display additional connection attributes - capabilities := fmt.Sprintf("%08b", (int(uint32(readBuffer[4]) | uint32(readBuffer[5])<<8))) + capabilities := fmt.Sprintf("%016b", (int(uint32(readBuffer[4]) | uint32(readBuffer[5])<<8))) loadData := string(capabilities[8]) username := string(bytes.Split(readBuffer[36:], []byte{0})[0])
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- github.com/advisories/GHSA-jcqv-2g3v-gm88ghsaADVISORY
- github.com/bettercap/bettercap/commit/0eaa375c5e5446bfba94a290eff92967a5deac9envd
- github.com/bettercap/bettercap/issues/1265nvd
- github.com/bettercap/bettercap/issues/1265nvd
- github.com/bettercap/bettercap/pull/1266nvd
- github.com/bettercap/bettercap/releases/tag/v2.41.7ghsa
- nvd.nist.gov/vuln/detail/CVE-2026-8276ghsa
- vuldb.com/submit/811163nvd
- vuldb.com/vuln/362573nvd
- vuldb.com/vuln/362573/ctinvd
News mentions
0No linked articles in our index yet.