CVE-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

Security update for mariadb

This update for mariadb fixes the following issues: Security fixes: CVE-2026-3494: audit plugin comment handling bypass bsc1259176. CVE-2026-44168: wsrep SST unsafe parameter handling on the donor side bsc1266442. CVE-2026-44170: argument injection in CONNECT REST Xcurl on Windows via unsanitized...