CVE-2026-35549

🗓️ 03 Apr 2026 05:00:18Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 42 Views

MariaDB vulnerability: a large packet crashes the server when caching_sha2_password is used due to sha256_crypt_r using alloca.

Reporter	Title	Published	Views	Family All 37
ATTACKERKB	CVE-2026-35549	3 Apr 202605:00	–	attackerkb
AlpineLinux	CVE-2026-35549	3 Apr 202605:00	–	alpinelinux
CNNVD	MariaDB Server 安全漏洞	3 Apr 202600:00	–	cnnvd
Cvelist	CVE-2026-35549	3 Apr 202605:00	–	cvelist
Debian CVE	CVE-2026-35549	3 Apr 202605:00	–	debiancve
EUVD	EUVD-2026-18595	3 Apr 202606:31	–	euvd
MariaDBUnix	CVE-2026-35549	3 Apr 202605:00	–	mariadbunix
NVD	CVE-2026-35549	3 Apr 202605:16	–	nvd
Tenable Nessus	openSUSE 16 Security Update : mariadb (openSUSE-SU-2026:20933-1)	14 Jun 202600:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : mariadb (SUSE-SU-2026:2330-1)	14 Jun 202600:00	–	nessus

NVD

Vulners

Node

mariadb mariadbRange<11.4.10

mariadb mariadbRange11.5.0–11.8.6

mariadb mariadbRange12.0.0–12.2.2

[
  {
    "defaultStatus": "unaffected",
    "product": "MariaDB",
    "vendor": "MariaDB",
    "versions": [
      {
        "lessThan": "11.4.10",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "11.8.6",
        "status": "affected",
        "version": "11.5.0",
        "versionType": "semver"
      },
      {
        "lessThan": "12.2.2",
        "status": "affected",
        "version": "12.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
jira	www.jira.mariadb.org/browse/MDEV-38365

17 Jun 2026 10:40Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.16.5

EPSS0.00256

SSVC

CWE-789