{"id":"CVE-2026-48165","summary":"MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side","details":"MariaDB server is a community-developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could use the wsrep_sst_receive_address or wsrep_sst_donor global system variables to execute shell commands as the uid of the mariadbd process on the Galera joiner node. This issue has been patched in versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2.","aliases":["BIT-mariadb-2026-48165","BIT-mariadb-min-2026-48165","BIT-mysql-client-2026-48165","GHSA-7v3p-h23x-8hwv"],"modified":"2026-06-18T16:25:07.882134Z","published":"2026-06-12T17:35:16.918Z","related":["SUSE-SU-2026:22095-1","SUSE-SU-2026:2282-1","SUSE-SU-2026:2284-1","SUSE-SU-2026:2330-1","openSUSE-SU-2026:10934-1","openSUSE-SU-2026:20933-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/48xxx/CVE-2026-48165.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-78"]},"references":[{"type":"WEB","url":"https://jira.mariadb.org/browse/MDEV-39676"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/48xxx/CVE-2026-48165.json"},{"type":"ADVISORY","url":"https://github.com/MariaDB/server/security/advisories/GHSA-7v3p-h23x-8hwv"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-48165"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"00a8357bd30fdfca23720448a3f638290b6d35b7"},{"fixed":"b2050fdb4a8776422baf01a41bf86845994edb97"},{"introduced":"2437674291f31c91869a74eb6ebd9f03dc52bd43"},{"fixed":"197f92bee02d8e836f529f37625be69b83e7acbd"},{"introduced":"fa69b085b10f19a3a8b6e7adab27c104924333ae"},{"fixed":"b4a80422bfeec93079a430c080fffbda8f6fa574"},{"introduced":"1c4aed7c680c0402d6e97e097f03815c0e9bf4c5"},{"fixe
d":"46a8eb42a520193686d9a16d4cea4b3e002917e4"},{"introduced":"21a0714a118614982d20bfa504763d7247800091"},{"fixed":"9f98f82b14a9b939834281672b6d0cf965db69a3"}],"database_specific":{"extracted_events":[{"introduced":"10.6.1"},{"fixed":"10.6.27"},{"introduced":"10.11.1"},{"fixed":"10.11.18"},{"introduced":"11.4.1"},{"fixed":"11.4.12"},{"introduced":"11.8.1"},{"fixed":"11.8.8"},{"introduced":"12.3.1"},{"fixed":"12.3.2"}],"source":"AFFECTED_FIELD"}}],"versions":["mariadb-10.11.17","mariadb-11.8.7b","mariadb-11.4.11b","mariadb-10.6.26","mariadb-11.8.7","mariadb-11.4.11","mariadb-12.3.1","mariadb-10.11.14","mariadb-11.8.6","mariadb-10.11.16","mariadb-11.4.10","mariadb-10.6.25","mariadb-11.8.4","mariadb-11.4.9","mariadb-10.11.15","mariadb-10.6.24","mariadb-11.8.3","mariadb-10.6.23","mariadb-11.4.8","mariadb-10.11.13","mariadb-11.8.2","mariadb-10.6.20","mariadb-11.4.7","mariadb-10.6.5","mariadb-10.11.12","mariadb-11.4.6","mariadb-10.6.22","mariadb-10.11.11","mariadb-11.8.1","mariadb-11.4.5","mariadb-10.6.21","mariadb-11.4.4","mariadb-10.6.18","mariadb-10.11.10","mariadb-11.4.3","mariadb-10.11.8","mariadb-10.11.9","mariadb-10.6.19","mariadb-10.6.17","mariadb-11.4.2","mariadb-11.4.1","mariadb-10.11.7","mariadb-10.11.6","mariadb-10.6.16","mariadb-10.6.12","mariadb-10.6.14","mariadb-10.6.13","mariadb-10.6.11","mariadb-10.6.8","mariadb-10.6.9","mariadb-10.11.2","mariadb-10.11.1","mariadb-10.6.10","mariadb-10.6.6","mariadb-10.6.4","mariadb-10.6.3","mariadb-10.6.2","mariadb-10.6.1"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["83555093190689620275821073838593397976","143165154904281853743473853789182958881","63999986304963433756283349979408037597","11928305571998280801094324365008482859"]},"target":{"file":"plugin/feedback/utils.cc"},"source":"https://github.com/mariadb/server/commit/46a8eb42a520193686d9a16d4cea4b3e002917e4","signature_type":"Line","id":"CVE-2026-48165-2a00d700","deprecated":false}],"source":"https://s
torage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-48165.json","vanir_signatures_modified":"2026-06-18T16:25:07Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"}]}