6 matches found
CVE-2026-44171
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...
CVE-2026-44171 MariaDB: path traversal in mbstream
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...
CVE-2026-44171
CVE-2026-44171 affects MariaDB server (mbstream) where archives with a /.. sequence could escape the target directory during unpacking. Affected branches include MariaDB/MariaDB server versions 10.6.1–10.6.25, 10.11.1–10.11.16, 11.4.1–11.4.10, 11.8.1–11.8.6, and 12.3.1; the issue is fixed in 10.6...
CVE-2026-44171 MariaDB: path traversal in mbstream
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...
CVE-2026-44171
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contai...
SUSE-SU-2026:2282-1 Security update for mariadb
This update for mariadb fixes the following issues: Security fixes: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. - CVE-2026-44168: wsrep SST unsafe parameter handling on the donor side bsc1266442. - CVE-2026-44170: argument injection in CONNECT REST Xcurl on Windows via...