CRITICAL🇵🇱 Wersja polska

CVE-2026-49261

CVSS 10.0v3.1pub. 2026-06-11upd. 2026-07-01

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with `wsrep_notify_cmd` enabled would execute shell commands embedded in the name of the joiner node. This is fixed in 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2. As a workaround, anyone who cannot upgrade now should disable `wsrep_notify_cmd`.

🤖 AI Analysis
How it works

When the `wsrep_notify_cmd` option is enabled, the MariaDB server executes the configured shell command to notify about Galera cluster events. The vulnerability exists because the joiner node name is inserted into the shell call without proper sanitization. An attacker can place malicious shell commands in the node name, which will be executed by the server when the node joins the cluster.

Impact

An attacker can execute arbitrary system commands with the privileges of the MariaDB server process, which in practice means complete control over the system — data theft, malware installation, and breach of confidentiality, integrity, and availability of the environment.

Mitigation & patch

Update MariaDB to version: 10.6.27, 10.11.18, 11.4.12, 11.8.8, or 12.3.2. As a temporary workaround, if an update is not immediately possible, disable the `wsrep_notify_cmd` option in the server configuration.

Who is affected

MariaDB Server in versions: 10.6.1–10.6.26, 10.11.1–10.11.17, 11.4.1–11.4.11, 11.8.1–11.8.7, and 12.3.1 — only when the `wsrep_notify_cmd` option is enabled.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • MariaDB

    APP
    Mariadb
    12.3.110.6.1 – 10.6.27 (bez)10.11.1 – 10.11.18 (bez)11.4.1 – 11.4.12 (bez)11.8.1 – 11.8.8 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2023-26785CRITICAL9.8PL ✓ten sam produkt

MariaDB v10.5 — RCE przez UDF w plikach współdzielonych (disputed)

CVE-2020-15180CRITICAL9.0ten sam produkt

A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` all...

CVE-2016-9843CRITICAL9.8ten sam produkt

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified im...

CVE-2016-6662CRITICAL9.8ten sam produkt

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x bef...

CVE-2026-44168HIGH8.0ten sam produkt

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 ...