EUVD-2026-13764
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3Description
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.
Analysis
Authenticated users can trigger a heap overflow in MariaDB 11.4 (before 11.4.10) and 11.8 (before 11.8.6) through the JSON_SCHEMA_VALID() function, causing denial of service and potentially remote code execution under specific memory layout conditions. The vulnerability requires valid database credentials and affects server availability and integrity across scope boundaries. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all MariaDB 11.4 (pre-11.4.10) and 11.8 (pre-11.8.6) deployments and restrict database access to trusted users only. Within 7 days: Disable or restrict the JSON_SCHEMA_VALID() function via database user privileges if operationally feasible, and implement network segmentation to limit authenticated access. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today