mariadb

Top products

The 15 most recently published vulnerabilities affecting mariadb.

• CVE-2026-48165MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side8.0Jun 12, 2026
• CVE-2026-48163MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync)8.0Jun 12, 2026
• CVE-2026-44173MariaDB: FILE privilege was not checked for subqueries in the FROM clause5.0Jun 12, 2026
• CVE-2026-44172MariaDB: mysql_real_escape_string() incorrectly handled big59.8Jun 12, 2026
• CVE-2026-44171MariaDB: path traversal in mbstream6.3Jun 12, 2026
• CVE-2026-44169MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions4.3Jun 12, 2026
• CVE-2026-44168MariaDB: wsrep SST unsafe parameter handling on the donor side8.0Jun 12, 2026
• CVE-2026-44170MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL9.8Jun 12, 2026
• CVE-2026-49261MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`10.0Jun 11, 2026
• CVE-2026-35549An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user...6.5Apr 3, 2026
• CVE-2026-32710Heap-based Buffer Overflow in MariaDB8.5Mar 20, 2026
• CVE-2025-13699MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability7.0Dec 23, 2025
• CVE-2025-56404An issue was discovered in MariaDB MCP 0.1.0 allowing attackers to gain sensitive information via the SSE service as the SSE service lacks user validation.7.5Sep 10, 2025
• CVE-2023-52971MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.4.9Mar 8, 2025
• CVE-2023-52970MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.4.9Mar 8, 2025