Lucene search
K

4 matches found

OSV
OSV
added 2026/06/13 8:44 a.m.9 views

BIT-MARIADB-MIN-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

10CVSS5.5AI score0.00998EPSS
Exploits0References3
OSV
OSV
added 2026/06/13 8:44 a.m.12 views

BIT-MARIADB-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

10CVSS5.5AI score0.00998EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/11 5:13 p.m.89 views

EUVD-2026-36269

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

10CVSS5.6AI score0.00998EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 5:13 p.m.527 views

CVE-2026-49261

Summary: CVE-2026-49261 affects MariaDB Galera cluster where enabling wsrep_notify_cmd allows shell commands to be executed via the joiner node name. Affected versions include MariaDB 10.6.1–10.6.26, 10.11.1–10.11.17, 11.4.1–11.4.11, 11.8.1–11.8.7, and 12.3.1. Impact: potential remote command exe...

10CVSS5.6AI score0.00998EPSS
Exploits0References12Affected Software1
Rows per page
Query Builder