EUVD-2026-36517
SQL Injection (CWE-89)
N/A
vendor:alpine
6.9
CVSS 4.0 · Vendor: vendor:alpine
Share
Severity by source
Vendor (vendor:alpine)
PRIMARY
6.9
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (vendor:alpine) · only source for this CVE.
CVSS VectorVendor: vendor:alpine
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X
Lifecycle Timeline
2
CVSS changed
Jun 12, 2026 - 18:22 NVD
6.9 (MEDIUM)
Analysis Generated
May 27, 2026 - 23:12 vuln.today
DescriptionCVE.org
Alpine Linux: mariadb fixed in 11.8.7-r0
AnalysisAI
MariaDB on Alpine Linux has been patched in package version 11.8.7-r0, addressing an unspecified vulnerability. The CVE record contains only a terse Alpine Linux vendor advisory notice with no description, CVSS scoring, or CWE classification, making it impossible to characterize the nature of the vulnerability, affected attacker surface, or impact class at this time. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Access
Attacker targets MariaDB service
Exploit
Triggers unspecified vulnerability
Impact
Achieves unknown impact
Access
Attacker targets MariaDB service
Exploit
Triggers unspecified vulnerability
Impact
Achieves unknown impact
Vulnerability AssessmentAI
| Exploitation | No exploitation conditions can be confirmed from the available data. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Risk cannot be meaningfully assessed with the available data. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | Because the vulnerability type, attack vector, and required privileges are entirely unknown, no grounded exploit scenario can be constructed without speculating beyond the available data. No public exploit code has been identified at time of analysis. … |
| Remediation | The primary fix is to upgrade the MariaDB Alpine Linux package to version 11.8.7-r0 or later using the Alpine package manager: run 'apk update && apk upgrade mariadb'. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).