{"id":"CVE-2026-44173","summary":"MariaDB: FILE privilege was not checked for subqueries in the FROM clause","details":"MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privilege if the FROM clause contained only subqueries. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.","aliases":["BIT-mariadb-2026-44173","BIT-mariadb-min-2026-44173","BIT-mysql-client-2026-44173","GHSA-667j-m53j-wpmc"],"modified":"2026-07-12T03:55:12.386299892Z","published":"2026-06-12T17:34:30.301Z","related":["SUSE-SU-2026:22095-1","SUSE-SU-2026:2282-1","SUSE-SU-2026:2284-1","SUSE-SU-2026:2330-1","openSUSE-SU-2026:10897-1","openSUSE-SU-2026:20933-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44173.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-863"]},"references":[{"type":"WEB","url":"https://jira.mariadb.org/browse/MDEV-39493"},{"type":"WEB","url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44173.json"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:25143"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:25145"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:33093"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:33412"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:33464"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:33481"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:33482"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2026-44173"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44173.json"},{"type":"ADVISORY","url":"https://github.com/MariaDB/server/security/advisories/GHSA-667j-m53j-wpmc"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44173"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2488460"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"00a8357bd30fdfca23720448a3f638290b6d35b7"},{"fixed":"d37e50c6d04c7c27362f1668ae86fa592b94fb23"},{"introduced":"2437674291f31c91869a74eb6ebd9f03dc52bd43"},{"fixed":"6828ff7390a6e46155343be2e8a1443b52b208b5"},{"introduced":"fa69b085b10f19a3a8b6e7adab27c104924333ae"},{"fixed":"10034c14cd9f8161014d1a0de45f8bec4c277487"},{"introduced":"1c4aed7c680c0402d6e97e097f03815c0e9bf4c5"},{"fixed":"e7d1202da30b7707185dc9b55af4693d1e3e4f60"},{"introduced":"21a0714a118614982d20bfa504763d7247800091"}],"database_specific":{"extracted_events":[{"introduced":"10.6.1"},{"fixed":"10.6.26"},{"introduced":"10.11.1"},{"fixed":"10.11.17"},{"introduced":"11.4.1"},{"fixed":"11.4.11"},{"introduced":"11.8.1"},{"fixed":"11.8.7"},{"introduced":"12.3.1"},{"last_affected":"12.3.1"}],"source":["CPE_RANGE","CPE_STRING"],"cpe":["cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","cpe:2.3:a:mariadb:mariadb:12.3.1:*:*:*:*:*:*:*"]}}],"versions":["12.3.1","mariadb-11.8.7","mariadb-11.4.11","mariadb-10.11.14","mariadb-11.8.6","mariadb-10.11.16","mariadb-11.4.10","mariadb-10.6.25","mariadb-11.8.4","mariadb-11.4.9","mariadb-10.11.15","mariadb-10.6.24","mariadb-11.8.3","mariadb-10.6.23","mariadb-11.4.8","mariadb-10.11.13","mariadb-11.8.2","mariadb-10.6.20","mariadb-11.4.7","mariadb-10.6.5","mariadb-10.11.12","mariadb-11.4.6","mariadb-10.6.22","mariadb-10.11.11","mariadb-11.8.1","mariadb-11.4.5","mariadb-10.6.21","mariadb-11.4.4","mariadb-10.6.18","mariadb-10.11.10","mariadb-11.4.3","mariadb-10.11.8","mariadb-10.11.9","mariadb-10.6.19","mariadb-10.6.17","mariadb-11.4.2","mariadb-11.4.1","mariadb-10.11.7","mariadb-10.11.6","mariadb-10.6.16","mariadb-10.6.12","mariadb-10.6.14","mariadb-10.6.13","mariadb-10.6.11","mariadb-10.6.8","mariadb-10.6.9","mariadb-10.11.2","mariadb-10.11.1","mariadb-10.6.10","mariadb-10.6.6","mariadb-10.6.4","mariadb-10.6.3","mariadb-10.6.2","mariadb-10.6.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-44173.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"}]}