342 matches found
CVE-2026-48165
A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrep_sst_receive_address or wsrep_sst_donor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the...
CVE-2026-44173
A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB version 10.5.9 allows a set_var.cc application crash due to certain uses of the UPDATE statement in conjunction with a nested subquery...
ALPINE-CVE-2026-44171
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...
CVE-2026-48165 MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrep_sst_receive_address or wsrep_sst_donor global system...
Medium: mariadb114
Issue Overview: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...
ROS-20260524-73-0043
Vulnerability in mariadb related to security configuration errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021672)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021672 advisory. get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. Tenable has extracted the preceding description block...
Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021669)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021669 advisory. MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. Tenable has extracted the preceding description block...
Unity Linux 20.1070e Security Update: mariadb (UTSA-2026-021663)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021663 advisory. MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. Tenable has extracted the preceding...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB version 10.5.9 allows an application crash in the find_field_in_tables and find_order_in_list functions due to an unused common table expression (CTE)...
MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability
A flaw was found in MariaDB. An authenticated user can exploit a vulnerability in the JSON_SCHEMA_VALID() function, which may lead to a server crash, resulting in a denial of service. Under specific and controlled conditions, this flaw could potentially be leveraged to achieve remote code execution,...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected MariaDB installations. Authentication is required to exploit this vulnerability. The specific flaw resides in the processing ...
Astra Linux – Vulnerability in Mariadb 10.3
It has been discovered that MariaDB Server v10.7 and earlier contain a global buffer overflow in the decimal_bin_size component, which can be exploited through specially crafted SQL statements...
Astra Linux – Vulnerability in Mariadb 10.3
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server up to 2021-03-03; and the wsrep patch up to 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUP...
Astra Linux – Vulnerability in Mariadb 10.3
It has been discovered that MariaDB Server v10.6.5 and earlier contain a use-after-free in the Item_args::walk_arg component, which can be exploited through specially crafted SQL statements...
Astra Linux – Vulnerability in Mariadb 10.3
In MariaDB, the get_sort_by_table function before version 10.6.2 allows an application to crash due to certain uses of the ORDER BY clause...
Astra Linux – Vulnerability in Mariadb 10.3
A vulnerability in the Item_subselect::init_expr_cache_tracker component of MariaDB Server v10.6 and earlier was identified. This vulnerability allows attackers to trigger a Denial of Service (DoS) attack through specially crafted SQL statements...
Astra Linux – Vulnerability in Mariadb 10.3
It was discovered that MariaDB versions 10.2 to 10.7 contain a segmentation fault due to the subselect component...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB version 10.5.13 allows a ha_maria::extra application crash due to certain SELECT statements...