MySQL Authentication Module Allows Unauthenticated Access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.3

MySQL Authentication Module Allows Unauthenticated Access

CVE-2026-2584

Summary

A critical flaw in the MySQL authentication module lets anyone access the system without a password. This could lead to sensitive data being exposed and compromise of system settings. Update the authentication module to fix this issue.

Original title

Original description

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence of specific requirements (AT:N), the vulnerability allows for a total compromise of the system's configuration data (VC:H/VI:H). While the availability of the service remains unaffected (VA:N), the breach may lead to a limited exposure of sensitive information regarding subsequent or interconnected systems (SC:L).

nvd CVSS4.0 9.3

Vulnerability type

CWE-89 SQL Injection

https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-ciser-system-sl...

Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026