CVE-2026-44171 MariaDB: path traversal in mbstream

🗓️ 12 Jun 2026 17:33:27Reported by GitHub_MType

MariaDB mbstream path traversal during archive unpacking writes outside the target directory; fixed.

Reporter	Title	Published	Views	Family All 27
FreeBSD	MariaDB -- Multiple vulnerabilities	18 May 202600:00	–	freebsd
AlpineLinux	CVE-2026-44171	12 Jun 202617:33	–	alpinelinux
Circl	CVE-2026-44171	10 Jun 202604:57	–	circl
CVE	CVE-2026-44171	12 Jun 202617:33	–	cve
Debian CVE	CVE-2026-44171	12 Jun 202617:33	–	debiancve
EUVD	EUVD-2026-36516	12 Jun 202617:33	–	euvd
Tenable Nessus	FreeBSD : MariaDB -- Multiple vulnerabilities (31b7e7bc-5358-11f1-8b62-8447094a420f)	20 May 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : mariadb (openSUSE-SU-2026:20933-1)	14 Jun 202600:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2026-44171	7 Jun 202600:00	–	nessus
MariaDBUnix	CVE-2026-44171	18 May 202600:00	–	mariadbunix

[
  {
    "vendor": "MariaDB",
    "product": "server",
    "versions": [
      {
        "version": ">= 10.6.1, < 10.6.26",
        "status": "affected"
      },
      {
        "version": ">= 10.11.1, < 10.11.17",
        "status": "affected"
      },
      {
        "version": ">= 11.4.1, < 11.4.11",
        "status": "affected"
      },
      {
        "version": ">= 11.8.1, < 11.8.7",
        "status": "affected"
      },
      {
        "version": ">= 12.3.1, < 12.3.2",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/MariaDB/server/security/advisories/GHSA-9pjh-5hhw-65v9
jira	www.jira.mariadb.org/browse/MDEV-39408

12 Jun 2026 17:33Current

CVSS 3.16.3

EPSS0.00012

CWE-22