Relational Database Service

1 CVEs product

Monthly

CVE-2026-3494 MEDIUM This Month

MariaDB Server through version 11.8.5 fails to audit SQL statements when the server audit plugin is enabled and queries are prefixed with SQL comments (-- or #), allowing authenticated database users to execute DDL, DML, or DCL commands without logging. This bypass affects Relational Database Service, Aurora MySQL, and MariaDB deployments relying on audit logging for compliance and security monitoring. An attacker with database credentials could perform unauthorized administrative or data manipulation operations while evading audit trails.

Tags: Information Disclosure, Relational Database Service, Aurora MySQL, MariaDB
References: NVD, GitHub
CVSS 3.1: 4.3
EPSS: 0.0%