14 matches found
mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd
A flaw was found in MariaDB server. When the wsrepnotifycmd feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the...
mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd
A flaw was found in MariaDB server. When the wsrepnotifycmd feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the...
mariadb:10.11 security, bug fix, and enhancement update
An update is available for module.Judy, Judy. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list MariaDB is a multi-user, multi-threaded SQL database server that is...
mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd
A flaw was found in MariaDB server. When the wsrepnotifycmd feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the...
OESA-2026-2734 mariadb security update
Security Fixes: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromis...
OESA-2026-2732 mariadb security update
MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs a...
BIT-MARIADB-MIN-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`
MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...
BIT-MARIADB-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`
MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...
MGASA-2026-0207 Updated packages fix security vulnerabilities
CVE-2026-49261 MariaDB server has unsafe parameter handling in wsrepnotifycmd CVE-2026-48165 MariaDB: unsafe usage of wsrepsstreceiveaddress values on the joiner side CVE-2026-48163 MariaDB: wsrep SST unsafe parameter handling on the donor side rsync...
CVE-2026-49261
MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...
CVE-2026-49261
Summary: CVE-2026-49261 affects MariaDB Galera cluster where enabling wsrep_notify_cmd allows shell commands to be executed via the joiner node name. Affected versions include MariaDB 10.6.1–10.6.26, 10.11.1–10.11.17, 11.4.1–11.4.11, 11.8.1–11.8.7, and 12.3.1. Impact: potential remote command exe...
EUVD-2026-36269
MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...
MariaDB Server 命令注入漏洞
MariaDB Server is an open-source relational database system developed by MariaDB. Versions 10.6.1 to 10.6.26, 10.11.1 to 10.11.17, 11.4.1 to 11.4.11, 11.8.1 to 11.8.7, and 12.3.1 of MariaDB Server have a vulnerability related to operating system command injection. This vulnerability arises from...
SUSE-SU-2026:2282-1 Security update for mariadb
This update for mariadb fixes the following issues: Security fixes: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. - CVE-2026-44168: wsrep SST unsafe parameter handling on the donor side bsc1266442. - CVE-2026-44170: argument injection in CONNECT REST Xcurl on Windows via...