
MariaDB: 10 CVEs

CVE-2026-35549 MEDIUM PATCH This Month

Denial of service in MariaDB Server when the caching_sha2_password authentication plugin is enabled and accounts use it: sha256_crypt_r performs an unbounded stack allocation sized by attacker-controlled input, so a crafted, oversized authentication packet crashes the server. The attacker needs network access to the server and an account that uses the plugin. Affected: MariaDB before 11.4.10, 11.5.0 through 11.8.5, and 12.0.0 through 12.2.1. Because the trigger condition is "plugin enabled and accounts use it", keeping accounts off caching_sha2_password is a workaround until the fixed release is deployed. No public exploit code or confirmed active exploitation reported at time of analysis.

Tags: Denial Of Service, MariaDB
Sources: NVD, VulDB
CVSS 3.1: 6.5 | EPSS: 0.0%

CVE-2026-3494 MEDIUM PATCH This Month

MariaDB Server through 11.8.5 fails to audit SQL statements when the server audit plugin is enabled and the statement is prefixed with a SQL comment (-- or #). An authenticated database user can therefore run DDL, DML, or DCL without the action appearing in the audit log. The bypass affects Relational Database Service, Aurora MySQL, and MariaDB deployments that rely on audit logging for compliance and security monitoring: an attacker with database credentials can perform administrative or data-manipulation operations while evading the audit trail. Until patched, treat the server audit log as incomplete for any detection or compliance control that depends on it, and do not assume that the absence of a logged DROP, GRANT or DELETE means none happened.

Tags: Information Disclosure, Relational Database Service, Aurora MySQL, MariaDB, Red Hat (+1 more)
Sources: NVD, GitHub
CVSS 3.1: 4.3 | EPSS: 0.0%

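
To make the failure mode above concrete, here is an added example in Python; it is not MariaDB's code and not from the advisory. It models the naive behaviour as an assumption: a classifier that keys on the first token of the raw statement text, so a statement that begins with "-- " or "#" never looks like DDL, DML or DCL. The hardened path first strips the leading comment forms the MariaDB parser accepts, then classifies. The entry documents only "--" and "#"; the stripper also handles "/* ... */" and unwraps executable "/*! ... */" comments, because a rule that keys on the first keyword has to see what the parser will actually execute. The sample statements are constructed.

```python
import re

# Leading material the MariaDB parser skips before the first keyword:
# whitespace, "-- " (the dashes must be followed by whitespace or end of line),
# "#" to end of line, and /* ... */ blocks, but not the executable /*! ... */ form.
_LEADING_COMMENT = re.compile(
    r"^(?:\s+|--(?:[ \t][^\n]*)?(?:\n|$)|#[^\n]*(?:\n|$)|/\*(?!!)[\s\S]*?\*/)+"
)
# /*!50001 ... */ is an executable comment: the server runs its body.
_EXECUTABLE_COMMENT = re.compile(r"^/\*!\d*\s*([\s\S]*?)\*/")

DDL = {"CREATE", "ALTER", "DROP", "TRUNCATE", "RENAME"}
DML = {"INSERT", "UPDATE", "DELETE", "REPLACE", "LOAD"}
DCL = {"GRANT", "REVOKE"}
QUERY = {"SELECT", "SHOW", "EXPLAIN"}
AUDITED = {"DDL", "DML", "DCL"}


def strip_leading_comments(sql: str) -> str:
    """Return the statement as the parser sees it: leading comments removed and the
    body of a leading executable comment unwrapped. "--x" is left alone because
    MariaDB only treats "--" as a comment when whitespace follows it."""
    s = _LEADING_COMMENT.sub("", sql, count=1)
    m = _EXECUTABLE_COMMENT.match(s)
    if m:
        s = m.group(1).strip()
    return s


def classify(sql: str) -> str:
    """Classify by the first whitespace-delimited token, with no comment handling."""
    parts = sql.split()
    if not parts:
        return "OTHER"
    kw = parts[0].upper()
    if kw in DDL:
        return "DDL"
    if kw in DML:
        return "DML"
    if kw in DCL:
        return "DCL"
    if kw in QUERY:
        return "QUERY"
    return "OTHER"


def naive_audit_class(sql: str) -> str:
    # Assumed model of the bypass: classify the raw text, so a statement that
    # starts with "-- " or "#" has "--" or "#..." as its first token and lands in OTHER.
    return classify(sql)


def hardened_audit_class(sql: str) -> str:
    # Normalize first, then classify: the comment prefix no longer hides the keyword.
    return classify(strip_leading_comments(sql))


def find_audit_gaps(statements):
    """Statements the naive path would leave out of the audit trail although the
    parser will execute them as DDL, DML or DCL."""
    return [
        s for s in statements
        if naive_audit_class(s) not in AUDITED and hardened_audit_class(s) in AUDITED
    ]


# Constructed sample statements, not captured from any real server.
SAMPLE_STATEMENTS = [
    "SELECT id FROM users WHERE id = 1",
    "DROP TABLE users",
    "-- housekeeping\nDROP TABLE audit_backup",
    "# nothing to see here\nGRANT ALL PRIVILEGES ON *.* TO 'app'@'%'",
    "/* batch */ DELETE FROM payments WHERE id > 0",
    "/*! UPDATE accounts SET balance = 0 */",
    "--not a comment: MariaDB needs whitespace after the dashes",
]

if __name__ == "__main__":
    for stmt in SAMPLE_STATEMENTS:
        print(f"{naive_audit_class(stmt):6} -> {hardened_audit_class(stmt):6}  {stmt!r}")
    print("executed but unaudited:", len(find_audit_gaps(SAMPLE_STATEMENTS)))
```

Running the block prints four statements that the naive classifier files under OTHER while the hardened one recognises them as DDL, DML or DCL. The same normalisation belongs in any SIEM rule that parses MariaDB audit or general-log lines by first keyword.
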
CVE-2021-47761 HIGH POC This Week

MilleGPG5 5.7.2 contains a local privilege escalation: the MariaDB bin directory it installs lets authenticated, non-administrative users modify the service executables. An attacker replaces mysqld.exe with a malicious executable, which then runs with SYSTEM privileges when the service starts after the next reboot. Public exploit code exists (Exploit-DB). The check is the usual one for any Windows service: confirm that neither the directory nor the binary named in the service's image path grants Write, Modify or Full Control to Users, Authenticated Users or Everyone.

Tags: MySQL, MariaDB, Privilege Escalation
Sources: NVD, Exploit-DB
CVSS 3.1: 7.8 | EPSS: 0.0%

CVE-2026-22027 MEDIUM POC PATCH This Month

Heap buffer overflow in CryptoLib before 1.4.3: oversized hex strings supplied for Security Association (SA) fields stored in the MariaDB backend are copied into heap buffers without capacity validation, letting a high-privileged local attacker corrupt adjacent heap memory. The result is denial of service and potential code execution. Public exploit code exists, and the affected code sits in spacecraft communication security implementations, so the fix (1.4.3 or later) should be applied wherever CryptoLib's MariaDB SA storage is in use.

Tags: MariaDB, CryptoLib
Sources: NVD, GitHub
CVSS 3.1: 6.0 | EPSS: 0.0%

CVE-2026-44173 MEDIUM PATCH This Month

MariaDB on Alpine Linux received a security fix in package version 11.8.7-r0 for an unspecified vulnerability tracked as CVE-2026-44173. The nature of the flaw, the affected component and the attacker capability are not described in available intelligence; only the Alpine Linux vendor advisory confirms the patch. No CVSS score, CWE classification, KEV listing or exploit code had been identified at time of analysis, so the "Authentication Bypass" tag and the score shown on this card are not corroborated by the advisory text. For handling purposes, 11.8.7-r0 is the same Alpine package that carries the CVE-2026-44171 fix, so upgrading to it closes both.

Tags: Authentication Bypass, MariaDB
Sources: NVD, GitHub, VulDB
CVSS 3.1: 5.3 | EPSS: 0.0%

CVE-2026-48163 HIGH PATCH This Week

OS command injection (CWE-78) in MariaDB Server affects multiple supported branches (10.6.x, 10.11.x, 11.4.x, 11.8.x, 12.3.x). An attacker with high database privileges can execute arbitrary operating system commands on the database host, with full confidentiality, integrity and availability impact. The flaw is tracked by Alpine, the upstream MariaDB advisory GHSA-rpgv-q6gv-684r, and MDEV-39648; patches have been released across branches. No public exploit is identified at time of analysis and EPSS is very low (0.07%, 22nd percentile), so treat this as a high-severity patch-now item rather than an in-the-wild emergency. Because the precondition is high database privileges, review which accounts hold them, and keep mysqld running as an unprivileged OS account so that a successful injection does not land as root.

Tags: Command Injection, MariaDB
Sources: NVD, GitHub, VulDB
CVSS 3.1: 7.2 | EPSS: 0.1%

CVE-2026-48165 HIGH PATCH This Week

Command injection (CWE-78) in MariaDB Server affects multiple branches (10.6.x, 10.11.x, 11.4.x, 11.8.x and 12.3.x) and allows an authenticated, high-privileged user to achieve full compromise of confidentiality, integrity and availability over the network. Alpine Linux has shipped a fixed package (mariadb 11.8.8-r0), and the upstream advisory GHSA-7v3p-h23x-8hwv plus MDEV-39676 track the issue. No public exploit has been identified at time of analysis and EPSS is very low at 0.06%. Note that on Alpine this fix is in 11.8.8-r0, one package revision later than the 11.8.7-r0 that addressed CVE-2026-44170 through CVE-2026-44173; a host that stopped at 11.8.7-r0 is still exposed to this issue.

Tags: Command Injection, MariaDB
Sources: NVD, GitHub, VulDB
CVSS 3.1: 7.2 | EPSS: 0.1%

CVE-2026-44170 MEDIUM PATCH This Month

MariaDB on Alpine Linux contains an uncharacterized vulnerability addressed in Alpine package version 11.8.7-r0. The nature, impact class and exploitability cannot be determined from available data: no CVSS score, vector, CWE classification or detailed description has been published, so the "Command Injection" tag and the CVSS 4.0 score on this card are not corroborated by the record. The sole confirmed fact is that Alpine Linux issued a patched package, indicating a security-relevant defect in prior MariaDB builds shipped with Alpine. No active exploitation (KEV) or public proof-of-concept has been identified at time of analysis. The package version is the same one that carries the CVE-2026-44171 fix.

Tags: Command Injection, MariaDB
Sources: NVD, GitHub, VulDB
CVSS 4.0: 6.3 | EPSS: 0.0%

CVE-2026-44171 HIGH PATCH This Week

Path traversal in MariaDB Server (CVE-2026-44171) allows a local attacker to escape intended directory boundaries through file handling that requires user interaction, with full confidentiality, integrity and availability impact (CVSS 7.8). Multiple stable branches are affected; fixes shipped in 10.6.26, 10.11.17, 11.4.11, 11.8.7 and 12.3.2, and Alpine Linux packaged the fix as mariadb 11.8.7-r0. No public exploit is identified at time of analysis and EPSS is 0.01% (2nd percentile), indicating minimal observed exploitation interest so far.

Tags: Path Traversal, MariaDB
Sources: NVD, GitHub, VulDB
CVSS 3.1: 7.8 | EPSS: 0.0%

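
The two entries on this page with explicit version data, CVE-2026-35549 (affected ranges) and CVE-2026-44171 (first fixed release per branch), lend themselves to a quick inventory check. The following is an added example in Python, not code from MariaDB or from this page; it encodes only the ranges stated in those two entries. Branches the CVE-2026-44171 entry does not name are reported as unknown rather than guessed, and the inventory in the usage block is constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]


def parse_version(version_string: str) -> Version:
    """'11.4.9-MariaDB-log' -> (11, 4, 9): only the leading numeric triple matters."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def affected_by_35549(v: Version) -> bool:
    """CVE-2026-35549, ranges exactly as the entry states: before 11.4.10,
    11.5.0 through 11.8.5, and 12.0.0 through 12.2.1."""
    return (
        v < (11, 4, 10)
        or (11, 5, 0) <= v <= (11, 8, 5)
        or (12, 0, 0) <= v <= (12, 2, 1)
    )


# CVE-2026-44171: first fixed release of each stable branch named in the entry.
FIXED_44171: Dict[Tuple[int, int], Version] = {
    (10, 6): (10, 6, 26),
    (10, 11): (10, 11, 17),
    (11, 4): (11, 4, 11),
    (11, 8): (11, 8, 7),
    (12, 3): (12, 3, 2),
}


def affected_by_44171(v: Version) -> Optional[bool]:
    """True/False for a branch the entry names; None for any other branch,
    because the entry says nothing about those and we do not guess."""
    fixed = FIXED_44171.get((v[0], v[1]))
    if fixed is None:
        return None
    return v < fixed


def triage(version_string: str) -> Dict[str, Optional[bool]]:
    """Per-CVE exposure for one SELECT VERSION() string."""
    v = parse_version(version_string)
    return {
        "CVE-2026-35549": affected_by_35549(v),
        "CVE-2026-44171": affected_by_44171(v),
    }


def hosts_needing_patch(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Map host -> CVEs it is exposed to; branches the advisory does not cover
    are listed explicitly so they get a manual look instead of silently passing."""
    out: Dict[str, List[str]] = {}
    for host, ver in inventory.items():
        states = triage(ver)
        hits = [cve for cve, state in states.items() if state is True]
        unknown = [f"{cve} (branch not covered by advisory)"
                   for cve, state in states.items() if state is None]
        if hits or unknown:
            out[host] = hits + unknown
    return out


# Constructed inventory (hostname -> output of SELECT VERSION()), not real hosts.
INVENTORY = {
    "db-01": "11.4.9-MariaDB-log",
    "db-02": "11.4.11-MariaDB",
    "db-03": "11.8.5-MariaDB",
    "db-04": "11.8.7-MariaDB",
    "db-05": "12.2.1-MariaDB",
    "db-06": "10.6.26-MariaDB",
}

if __name__ == "__main__":
    for host, cves in hosts_needing_patch(INVENTORY).items():
        print(host, "->", ", ".join(cves))
```

db-02 and db-04 come back clean, db-05 is flagged for CVE-2026-35549 and marked unknown for CVE-2026-44171 because the 12.2 branch is not in that entry's fix list, and db-06 shows why "before 11.4.10" matters: a fully patched 10.6.26 is fixed for the traversal but still inside the range the DoS entry gives.
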
CVE-2026-44172 MEDIUM This Month

MariaDB on Alpine Linux was patched in package version 11.8.7-r0 for an unspecified vulnerability. The CVE record contains only a terse Alpine Linux vendor advisory notice with no description, CVSS scoring or CWE classification, so the nature of the vulnerability, the attack surface and the impact class cannot be characterized at this time; the "SQLi" tag and the CVSS 4.0 score on this card are likewise not corroborated by the record. No public exploit has been identified, no KEV listing exists, and EPSS data is absent. The package version is the same one that carries the CVE-2026-44171 fix, so hosts already on 11.8.7-r0 or later for that issue are covered here as well.

Tags: SQLi, MariaDB
Sources: NVD, GitHub, VulDB
CVSS 4.0: 6.9 | EPSS: 0.0%

