RHSA-2026:25143
Vulnerability from csaf_redhat - Published: 2026-06-10 22:32 - Updated: 2026-06-26 11:09

A flaw was found in MariaDB. During a State Snapshot Transfer (SST), the donor node improperly validates parameters sent by a joiner node. This vulnerability allows a malicious joiner to execute arbitrary shell commands on the donor server through the mariabackup SST method. This could lead to a complete compromise of the donor system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Hardened Images:mariadb11-8-main@aarch64 | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@noarch | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@src | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@x86_64 | — | — | Vendor Fix |
A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the `SHOW CREATE ROUTINE` privilege, potentially exposing sensitive routine logic. This vulnerability allows for unauthorized access to routine definitions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Hardened Images:mariadb11-8-main@aarch64 | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@noarch | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@src | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@x86_64 | — | — | Vendor Fix |
A flaw was found in MariaDB server. When the CONNECT engine is installed and REST support is enabled on Windows, a user can exploit improper sanitization of the table HTTP attribute. This attribute is interpolated into the curl command line, allowing for arbitrary shell command execution on the server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Hardened Images:mariadb11-8-main@aarch64 | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@noarch | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@src | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@x86_64 | — | — | Vendor Fix |
A flaw was found in MariaDB's mbstream utility. This vulnerability allows a highly privileged local attacker, who can provide a specially crafted archive, to create files outside of the intended target directory. This is due to mbstream not properly validating paths containing directory traversal sequences (e.g., "/../") during archive unpacking. Successful exploitation could lead to unauthorized file creation, potentially impacting system integrity or availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Hardened Images:mariadb11-8-main@aarch64 | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@noarch | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@src | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@x86_64 | — | — | Vendor Fix |
A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to files, were executed with subqueries in their 'FROM' clause. This could enable an attacker to write unauthorized files to the server's file system, potentially leading to the disclosure of sensitive information or a denial of service by corrupting or filling disk space.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Hardened Images:mariadb11-8-main@aarch64 | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@noarch | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@src | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@x86_64 | — | — | Vendor Fix |
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Hardened Images:mariadb11-8-main@aarch64 | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@noarch | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@src | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@x86_64 | — | — | Vendor Fix |
A flaw was found in MariaDB server. During the State Snapshot Transfer (SST) process, a malicious joiner node could exploit improper parameter validation on the donor node. This vulnerability, specifically within the rsync SST method, allows the malicious joiner to execute arbitrary shell commands on the donor server, leading to potential compromise of the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Hardened Images:mariadb11-8-main@aarch64 | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@noarch | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@src | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@x86_64 | — | — | Vendor Fix |
A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrep_sst_receive_address or wsrep_sst_donor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the mariadbd process on a Galera joiner node. The primary impact of this flaw is arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Hardened Images:mariadb11-8-main@aarch64 | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@noarch | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@src | — | — | Vendor Fix |
| Red Hat Hardened Images:mariadb11-8-main@x86_64 | — | — | Vendor Fix |
A flaw was found in MariaDB server. When the `wsrep_notify_cmd` feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Hardened Images:mariadb11-8-main@aarch64 | — | — | Vendor Fix, Workaround |
| Red Hat Hardened Images:mariadb11-8-main@noarch | — | — | Vendor Fix, Workaround |
| Red Hat Hardened Images:mariadb11-8-main@src | — | — | Vendor Fix, Workaround |
| Red Hat Hardened Images:mariadb11-8-main@x86_64 | — | — | Vendor Fix, Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nmariadb11.8:\n * mariadb-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-backup-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-client-utils-11.8.8-1.hum1 (noarch)\n * mariadb-common-11.8.8-1.hum1 (noarch)\n * mariadb-connect-engine-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-cracklib-password-check-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-devel-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-embedded-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-embedded-devel-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-errmsg-11.8.8-1.hum1 (noarch)\n * mariadb-gssapi-server-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-oqgraph-engine-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-pam-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-rocksdb-engine-11.8.8-1.hum1 (x86_64)\n * mariadb-s3-engine-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-server-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-server-galera-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-server-utils-11.8.8-1.hum1 (noarch)\n * mariadb-sphinx-engine-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb-test-11.8.8-1.hum1 (aarch64, x86_64)\n * mariadb11.8-11.8.8-1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:25143",
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-49261",
"url": "https://access.redhat.com/security/cve/CVE-2026-49261"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44169",
"url": "https://access.redhat.com/security/cve/CVE-2026-44169"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44168",
"url": "https://access.redhat.com/security/cve/CVE-2026-44168"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44171",
"url": "https://access.redhat.com/security/cve/CVE-2026-44171"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44170",
"url": "https://access.redhat.com/security/cve/CVE-2026-44170"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48163",
"url": "https://access.redhat.com/security/cve/CVE-2026-48163"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48165",
"url": "https://access.redhat.com/security/cve/CVE-2026-48165"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44173",
"url": "https://access.redhat.com/security/cve/CVE-2026-44173"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_25143.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-26T11:09:24+00:00",
"generator": {
"date": "2026-06-26T11:09:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:25143",
"initial_release_date": "2026-06-10T22:32:43+00:00",
"revision_history": [
{
"date": "2026-06-10T22:32:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-24T12:18:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-26T11:09:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "mariadb11-8-main@aarch64",
"product": {
"name": "mariadb11-8-main@aarch64",
"product_id": "mariadb11-8-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mariadb@11.8.8-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "mariadb11-8-main@x86_64",
"product": {
"name": "mariadb11-8-main@x86_64",
"product_id": "mariadb11-8-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mariadb@11.8.8-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "mariadb11-8-main@noarch",
"product": {
"name": "mariadb11-8-main@noarch",
"product_id": "mariadb11-8-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mariadb-client-utils@11.8.8-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "mariadb11-8-main@src",
"product": {
"name": "mariadb11-8-main@src",
"product_id": "mariadb11-8-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mariadb11.8@11.8.8-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mariadb11-8-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:mariadb11-8-main@aarch64"
},
"product_reference": "mariadb11-8-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mariadb11-8-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:mariadb11-8-main@noarch"
},
"product_reference": "mariadb11-8-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mariadb11-8-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:mariadb11-8-main@src"
},
"product_reference": "mariadb11-8-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mariadb11-8-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:mariadb11-8-main@x86_64"
},
"product_reference": "mariadb11-8-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-44168",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-06-12T18:01:00.657144+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488450"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MariaDB. During a State Snapshot Transfer (SST), the donor node improperly validates parameters sent by a joiner node. This vulnerability allows a malicious joiner to execute arbitrary shell commands on the donor server through the mariabackup SST method. This could lead to a complete compromise of the donor system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mariadb: Arbitrary Code Execution via improper parameter validation during State Snapshot Transfer",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability in MariaDB where a malicious joiner can execute arbitrary shell commands on a donor node during a State Snapshot Transfer (SST) due to improper parameter validation. While requiring high privileges and high attack complexity, successful exploitation could lead to a complete compromise of the donor system in MariaDB deployments configured for clustering with SST.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44168"
},
{
"category": "external",
"summary": "RHBZ#2488450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488450"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44168",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44168"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44168",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44168"
},
{
"category": "external",
"summary": "https://github.com/MariaDB/server/security/advisories/GHSA-vwf7-w26c-9w5h",
"url": "https://github.com/MariaDB/server/security/advisories/GHSA-vwf7-w26c-9w5h"
},
{
"category": "external",
"summary": "https://jira.mariadb.org/browse/MDEV-39413",
"url": "https://jira.mariadb.org/browse/MDEV-39413"
}
],
"release_date": "2026-06-12T17:31:26.921000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T22:32:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mariadb: Arbitrary Code Execution via improper parameter validation during State Snapshot Transfer"
},
{
"cve": "CVE-2026-44169",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2026-06-12T18:01:57.787745+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488467"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the `SHOW CREATE ROUTINE` privilege, potentially exposing sensitive routine logic. This vulnerability allows for unauthorized access to routine definitions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44169"
},
{
"category": "external",
"summary": "RHBZ#2488467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44169",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44169"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44169",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44169"
},
{
"category": "external",
"summary": "https://github.com/MariaDB/server/security/advisories/GHSA-22xq-vq3f-87x2",
"url": "https://github.com/MariaDB/server/security/advisories/GHSA-22xq-vq3f-87x2"
},
{
"category": "external",
"summary": "https://jira.mariadb.org/browse/MDEV-39288",
"url": "https://jira.mariadb.org/browse/MDEV-39288"
}
],
"release_date": "2026-06-12T17:31:53.344000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T22:32:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check"
},
{
"cve": "CVE-2026-44170",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-06-12T18:01:03.632525+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MariaDB server. When the CONNECT engine is installed and REST support is enabled on Windows, a user can exploit improper sanitization of the table HTTP attribute. This attribute is interpolated into the curl command line, allowing for arbitrary shell command execution on the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mariadb: Arbitrary shell command execution via improper sanitization in CONNECT engine",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44170"
},
{
"category": "external",
"summary": "RHBZ#2488451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44170",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44170"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44170",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44170"
},
{
"category": "external",
"summary": "https://github.com/MariaDB/server/security/advisories/GHSA-f835-cfjq-wf73",
"url": "https://github.com/MariaDB/server/security/advisories/GHSA-f835-cfjq-wf73"
},
{
"category": "external",
"summary": "https://jira.mariadb.org/browse/MDEV-39289",
"url": "https://jira.mariadb.org/browse/MDEV-39289"
}
],
"release_date": "2026-06-12T17:30:15.405000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T22:32:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mariadb: Arbitrary shell command execution via improper sanitization in CONNECT engine"
},
{
"cve": "CVE-2026-44171",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-06-12T18:01:09.753065+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488453"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MariaDB\u0027s mbstream utility. This vulnerability allows a highly privileged local attacker, who can provide a specially crafted archive, to create files outside of the intended target directory. This is due to mbstream not properly validating paths containing directory traversal sequences (e.g., \"/../\") during archive unpacking. Successful exploitation could lead to unauthorized file creation, potentially impacting system integrity or availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mariadb: mbstream: Unauthorized file creation via path traversal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44171"
},
{
"category": "external",
"summary": "RHBZ#2488453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488453"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44171",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44171"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44171",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44171"
},
{
"category": "external",
"summary": "https://github.com/MariaDB/server/security/advisories/GHSA-9pjh-5hhw-65v9",
"url": "https://github.com/MariaDB/server/security/advisories/GHSA-9pjh-5hhw-65v9"
},
{
"category": "external",
"summary": "https://jira.mariadb.org/browse/MDEV-39408",
"url": "https://jira.mariadb.org/browse/MDEV-39408"
}
],
"release_date": "2026-06-12T17:33:27.365000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T22:32:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mariadb: mbstream: Unauthorized file creation via path traversal"
},
{
"cve": "CVE-2026-44173",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2026-06-12T18:01:36.157284+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488460"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary \u0027FILE\u0027 privilege when certain \u0027SELECT\u0027 statements, which write data to files, were executed with subqueries in their \u0027FROM\u0027 clause. This could enable an attacker to write unauthorized files to the server\u0027s file system, potentially leading to the disclosure of sensitive information or a denial of service by corrupting or filling disk space.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44173"
},
{
"category": "external",
"summary": "RHBZ#2488460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44173",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44173"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44173",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44173"
},
{
"category": "external",
"summary": "https://github.com/MariaDB/server/security/advisories/GHSA-667j-m53j-wpmc",
"url": "https://github.com/MariaDB/server/security/advisories/GHSA-667j-m53j-wpmc"
},
{
"category": "external",
"summary": "https://jira.mariadb.org/browse/MDEV-39493",
"url": "https://jira.mariadb.org/browse/MDEV-39493"
}
],
"release_date": "2026-06-12T17:34:30.301000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T22:32:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T22:32:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
},
{
"cve": "CVE-2026-48163",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-06-12T18:01:12.767000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488454"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MariaDB server. During the State Snapshot Transfer (SST) process, a malicious joiner node could exploit improper parameter validation on the donor node. This vulnerability, specifically within the rsync SST method, allows the malicious joiner to execute arbitrary shell commands on the donor server, leading to potential compromise of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mariadb: Arbitrary code execution via improper parameter validation during SST",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48163"
},
{
"category": "external",
"summary": "RHBZ#2488454",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488454"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48163",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48163"
},
{
"category": "external",
"summary": "https://github.com/MariaDB/server/security/advisories/GHSA-rpgv-q6gv-684r",
"url": "https://github.com/MariaDB/server/security/advisories/GHSA-rpgv-q6gv-684r"
},
{
"category": "external",
"summary": "https://jira.mariadb.org/browse/MDEV-39648",
"url": "https://jira.mariadb.org/browse/MDEV-39648"
}
],
"release_date": "2026-06-12T17:34:57.923000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T22:32:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mariadb: Arbitrary code execution via improper parameter validation during SST"
},
{
"cve": "CVE-2026-48165",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-06-12T18:01:28.777552+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488458"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrep_sst_receive_address or wsrep_sst_donor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the mariadbd process on a galera joiner node. The primary impact of this flaw is arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mariadb: Arbitrary code execution via global system variable manipulation by a high-privileged user",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48165"
},
{
"category": "external",
"summary": "RHBZ#2488458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48165",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48165"
},
{
"category": "external",
"summary": "https://github.com/MariaDB/server/security/advisories/GHSA-7v3p-h23x-8hwv",
"url": "https://github.com/MariaDB/server/security/advisories/GHSA-7v3p-h23x-8hwv"
},
{
"category": "external",
"summary": "https://jira.mariadb.org/browse/MDEV-39676",
"url": "https://jira.mariadb.org/browse/MDEV-39676"
}
],
"release_date": "2026-06-12T17:35:16.918000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T22:32:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mariadb: Arbitrary code execution via global system variable manipulation by a high-privileged user"
},
{
"cve": "CVE-2026-49261",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-06-11T18:01:07.126304+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487957"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in MariaDB server. When the `wsrep_notify_cmd` feature is enabled, a remote attacker could exploit this vulnerability by embedding shell commands in the name of a joiner node. This could lead to arbitrary code execution on the server, allowing the attacker to take full control of the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has assessed this vulnerability as Important. Exploitation requires the `wsrep_notify_cmd` server variable to be explicitly set to a notification script by the administrator. This variable is empty by default in the upstream configuration, and Red Hat\u0027s shipped Galera configuration additionally defaults to `wsrep_on=0`. Additionally, the attacker must stand up a MariaDB/Galera node that is accepted into the cluster membership view in order to inject a malicious node name.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-49261"
},
{
"category": "external",
"summary": "RHBZ#2487957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487957"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-49261",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-49261"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-49261",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49261"
},
{
"category": "external",
"summary": "https://github.com/MariaDB/server/security/advisories/GHSA-3p3m-4x7c-p4pw",
"url": "https://github.com/MariaDB/server/security/advisories/GHSA-3p3m-4x7c-p4pw"
},
{
"category": "external",
"summary": "https://jira.mariadb.org/browse/MDEV-39721",
"url": "https://jira.mariadb.org/browse/MDEV-39721"
}
],
"release_date": "2026-06-11T17:13:20.776000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-10T22:32:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:25143"
},
{
"category": "workaround",
"details": "If `wsrep_notify_cmd` is configured, unset it or remove the notification script. This variable is empty by default and is only present in Galera cluster deployments that have explicitly configured a notification command. Additionally, restrict network access to Galera replication ports (4567, 4568, 4444) to trusted cluster nodes only.",
"product_ids": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:mariadb11-8-main@aarch64",
"Red Hat Hardened Images:mariadb11-8-main@noarch",
"Red Hat Hardened Images:mariadb11-8-main@src",
"Red Hat Hardened Images:mariadb11-8-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd"
}
]
}