CVE-2026-44173 (GCVE-0-2026-44173)

Vulnerability from cvelistv5 – Published: 2026-06-12 17:34 – Updated: 2026-07-02 12:04
VLAI
Title
MariaDB: FILE privilege was not checked for subqueries in the FROM clause
Summary
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privilege if the FROM clause contained only subqueries. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-863 - Incorrect Authorization
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
Vendor Product Version
MariaDB server Affected: >= 10.6.1, < 10.6.26
Affected: >= 10.11.1, < 10.11.17
Affected: >= 11.4.1, < 11.4.11
Affected: >= 11.8.1, < 11.8.7
Affected: >= 12.3.1, < 12.3.2
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
Create a notification for this product.
Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
Create a notification for this product.
Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44173",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-12T18:03:24.496133Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-12T18:03:34.244Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:hummingbird:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Hardened Images",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-06-12T17:34:30.301Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary \u0027FILE\u0027 privilege when certain \u0027SELECT\u0027 statements, which write data to files, were executed with subqueries in their \u0027FROM\u0027 clause. This could enable an attacker to write unauthorized files to the server\u0027s file system, potentially leading to the disclosure of sensitive information or a denial of service by corrupting or filling disk space."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-266",
                "description": "Incorrect Privilege Assignment",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-02T12:04:59.604Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-44173"
          },
          {
            "name": "RHBZ#2488460",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488460"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44173.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33412"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33093"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33464"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33482"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33481"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25145"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:25143"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:33412: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33093: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33464: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33482: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:33481: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25145: Red Hat Hardened Images"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:25143: Red Hat Hardened Images"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-06-12T18:01:36.157Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-06-12T17:34:30.301Z",
            "value": "Made public."
          }
        ],
        "title": "mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries",
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "server",
          "vendor": "MariaDB",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 10.6.1, \u003c 10.6.26"
            },
            {
              "status": "affected",
              "version": "\u003e= 10.11.1, \u003c 10.11.17"
            },
            {
              "status": "affected",
              "version": "\u003e= 11.4.1, \u003c 11.4.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 11.8.1, \u003c 11.8.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 12.3.1, \u003c 12.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privilege if the FROM clause contained only subqueries. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-12T17:34:30.301Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/MariaDB/server/security/advisories/GHSA-667j-m53j-wpmc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/MariaDB/server/security/advisories/GHSA-667j-m53j-wpmc"
        },
        {
          "name": "https://jira.mariadb.org/browse/MDEV-39493",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.mariadb.org/browse/MDEV-39493"
        }
      ],
      "source": {
        "advisory": "GHSA-667j-m53j-wpmc",
        "discovery": "UNKNOWN"
      },
      "title": "MariaDB: FILE privilege was not checked for subqueries in the FROM clause"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44173",
    "datePublished": "2026-06-12T17:34:30.301Z",
    "dateReserved": "2026-05-05T14:39:34.923Z",
    "dateUpdated": "2026-07-02T12:04:59.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-44173",
      "date": "2026-07-02",
      "epss": "0.00276",
      "percentile": "0.19427"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-44173\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-06-12T18:16:34.257\",\"lastModified\":\"2026-07-02T12:17:21.280\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privilege if the FROM clause contained only subqueries. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"MariaDB\",\"product\":\"server\",\"versions\":[{\"version\":\"\u003e= 10.6.1, \u003c 10.6.26\",\"status\":\"affected\"},{\"version\":\"\u003e= 10.11.1, \u003c 10.11.17\",\"status\":\"affected\"},{\"version\":\"\u003e= 11.4.1, \u003c 11.4.11\",\"status\":\"affected\"},{\"version\":\"\u003e= 11.8.1, \u003c 11.8.7\",\"status\":\"affected\"},{\"version\":\"\u003e= 12.3.1, \u003c 12.3.2\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Hardened Images\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:hummingbird:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.1,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-12T18:03:24.496133Z\",\"id\":\"CVE-2026-44173\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-266\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.6.1\",\"versionEndExcluding\":\"10.6.26\",\"matchCriteriaId\":\"18373B5D-2024-48F6-812A-B3E28D6E7F2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.11.1\",\"versionEndExcluding\":\"10.11.17\",\"matchCriteriaId\":\"94C3F42B-E2B4-4969-8925-78EE56F56FC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.4.1\",\"versionEndExcluding\":\"11.4.11\",\"matchCriteriaId\":\"DE5BBBEB-2714-4C1F-8662-23C932A72725\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.8.1\",\"versionEndExcluding\":\"11.8.7\",\"matchCriteriaId\":\"7C894B8F-EBFD-4835-8245-CDC7230CBC0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mariadb:mariadb:12.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57DFA226-8D97-4A19-8A62-426042F5416D\"}]}]}],\"references\":[{\"url\":\"https://github.com/MariaDB/server/security/advisories/GHSA-667j-m53j-wpmc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jira.mariadb.org/browse/MDEV-39493\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25143\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25145\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33093\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33412\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33464\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33481\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33482\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-44173\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2488460\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44173.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:hummingbird:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Hardened Images\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-06-12T18:01:36.157Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-06-12T17:34:30.301Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:33412: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33093: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33464: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33482: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33481: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25145: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25143: Red Hat Hardened Images\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-06-12T17:34:30.301Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-44173\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2488460\", \"name\": \"RHBZ#2488460\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44173.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33412\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33093\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33464\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33482\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33481\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25145\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25143\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary \u0027FILE\u0027 privilege when certain \u0027SELECT\u0027 statements, which write data to files, were executed with subqueries in their \u0027FROM\u0027 clause. This could enable an attacker to write unauthorized files to the server\u0027s file system, potentially leading to the disclosure of sensitive information or a denial of service by corrupting or filling disk space.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-266\", \"description\": \"Incorrect Privilege Assignment\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-02T12:04:59.604Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-44173\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-12T18:03:24.496133Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-12T18:03:30.744Z\"}}], \"cna\": {\"title\": \"MariaDB: FILE privilege was not checked for subqueries in the FROM clause\", \"source\": {\"advisory\": \"GHSA-667j-m53j-wpmc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"MariaDB\", \"product\": \"server\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 10.6.1, \u003c 10.6.26\"}, {\"status\": \"affected\", \"version\": \"\u003e= 10.11.1, \u003c 10.11.17\"}, {\"status\": \"affected\", \"version\": \"\u003e= 11.4.1, \u003c 11.4.11\"}, {\"status\": \"affected\", \"version\": \"\u003e= 11.8.1, \u003c 11.8.7\"}, {\"status\": \"affected\", \"version\": \"\u003e= 12.3.1, \u003c 12.3.2\"}]}], \"references\": [{\"url\": \"https://github.com/MariaDB/server/security/advisories/GHSA-667j-m53j-wpmc\", \"name\": \"https://github.com/MariaDB/server/security/advisories/GHSA-667j-m53j-wpmc\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://jira.mariadb.org/browse/MDEV-39493\", \"name\": \"https://jira.mariadb.org/browse/MDEV-39493\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privilege if the FROM clause contained only subqueries. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863: Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-06-12T17:34:30.301Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-44173\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-02T12:04:59.604Z\", \"dateReserved\": \"2026-05-05T14:39:34.923Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-06-12T17:34:30.301Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…