{"id":"USN-8536-1","summary":"mariadb vulnerabilities","details":"It was discovered that MariaDB did not properly validate parameters\nsupplied by a joiner node during a State Snapshot Transfer using the\nmariabackup method. An attacker could possibly use this issue to execute\narbitrary shell commands on the donor node. (CVE-2026-44168)\n\nIt was discovered that MariaDB did not properly enforce the SHOW CREATE\nROUTINE privilege when a user obtained access to a stored routine via a\nrole. An authenticated user could possibly use this issue to obtain\nsensitive information. (CVE-2026-44169)\n\nIt was discovered that MariaDB's mbstream utility did not properly validate\npaths when unpacking archives. An attacker could possibly use this issue to\nwrite files outside of the intended target directory. (CVE-2026-44171)\n\nIt was discovered that MariaDB's mysql_real_escape_string() function\nincorrectly handled the big5 character set. An attacker could possibly use\nthis issue to perform SQL injection attacks. (CVE-2026-44172)\n\nIt was discovered that MariaDB did not properly check the FILE privilege\nwhen the FROM clause of a SELECT ... INTO OUTFILE or SELECT ... INTO\nDUMPFILE statement contained only subqueries. An authenticated user could\npossibly use this issue to write files to unintended locations.\n(CVE-2026-44173)\n\nIt was discovered that MariaDB did not properly validate parameters\nsupplied by a joiner node during a State Snapshot Transfer using the rsync\nmethod. An attacker could possibly use this issue to execute arbitrary\nshell commands on the donor node. (CVE-2026-48163)\n\nIt was discovered that MariaDB allowed a high-privileged user to set\ncertain Galera system variables to values containing shell commands, which\nwere then executed by the server process. An authenticated user could\npossibly use this issue to execute arbitrary shell commands.\n(CVE-2026-48165)\n\nIt was discovered that MariaDB executed shell commands embedded in the name\nof a joiner node when wsrep_notify_cmd was enabled. A remote attacker could\npossibly use this issue to execute arbitrary shell commands.\n(CVE-2026-49261)","modified":"2026-07-14T23:44:43.638475402Z","published":"2026-07-14T11:45:03Z","related":["UBUNTU-CVE-2026-44168","UBUNTU-CVE-2026-44169","UBUNTU-CVE-2026-44171","UBUNTU-CVE-2026-44172","UBUNTU-CVE-2026-44173","UBUNTU-CVE-2026-48163","UBUNTU-CVE-2026-48165","UBUNTU-CVE-2026-49261"],"upstream":["CVE-2026-44168","CVE-2026-44169","CVE-2026-44171","CVE-2026-44172","CVE-2026-44173","CVE-2026-48163","CVE-2026-48165","CVE-2026-49261","UBUNTU-CVE-2026-44168","UBUNTU-CVE-2026-44169","UBUNTU-CVE-2026-44171","UBUNTU-CVE-2026-44172","UBUNTU-CVE-2026-44173","UBUNTU-CVE-2026-48163","UBUNTU-CVE-2026-48165","UBUNTU-CVE-2026-49261"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8536-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-44168"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-44169"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-44171"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-44172"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-44173"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-48163"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-48165"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-49261"}],"affected":[{"package":{"name":"mariadb","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/mariadb?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:11.8.6-5ubuntu0.1"}]}],"versions":["1:11.8.3-1build1","1:11.8.5-1","1:11.8.5-2","1:11.8.5-3","1:11.8.5-4","1:11.8.6-1","1:11.8.6-3","1:11.8.6-4","1:11.8.6-5"],"ecosystem_specific":{"binaries":[{"binary_name":"libmariadb-dev-compat","binary_version":"1:11.8.6-5ubuntu0.1"},{"binary_name":"libmariadb3","binary_version":"1:11.8.6-5ubuntu0.1"},{"binary_name":"libmariadbd19t64","binary_version":"1:11.8.6-5ubuntu0.1"},{"binary_name":"mariadb-backup","binary_version":"1:11.8.6-5ubuntu0.1"},{"binary_name":"mariadb-client","binary_version":"1:11.8.6-5ubuntu0.1"},{"binary_name":"mariadb-client-compat","binary_version":"1:11.8.6-5ubuntu0.1"},{"binary_version":"1:11.8.6-5ubuntu0.1","binary_name":"mariadb-client-core"},{"binary_name":"mariadb-common","binary_version":"1:11.8.6-5ubuntu0.1"},{"binary_version":"1:11.8.6-5ubuntu0.1","binary_name":"mariadb-plugin-connect"},{"binary_version":"1:11.8.6-5ubuntu0.1","binary_name":"mariadb-plugin-connect-jdbc"},{"binary_name":"mariadb-plugin-cracklib-password-check","binary_version":"1:11.8.6-5ubuntu0.1"},{"binary_version":"1:11.8.6-5ubuntu0.1","binary_name":"mariadb-plugin-gssapi-client"},{"binary_name":"mariadb-plugin-gssapi-server","binary_version":"1:11.8.6-5ubuntu0.1"},{"binary_name":"mariadb-plugin-hashicorp-key-management","binary_version":"1:11.8.6-5ubuntu0.1"},{"binary_version":"1:11.8.6-5ubuntu0.1","binary_name":"mariadb-plugin-mroonga"},{"binary_version":"1:11.8.6-5ubuntu0.1","binary_name":"mariadb-plugin-oqgraph"},{"binary_name":"mariadb-plugin-provider-bzip2","binary_version":"1:11.8.6-5ubuntu0.1"},{"binary_name":"mariadb-plugin-provider-lz4","binary_version":"1:11.8.6-5ubuntu0.1"},{"binary_version":"1:11.8.6-5ubuntu0.1","binary_name":"mariadb-plugin-provider-lzma"},{"binary_version":"1:11.8.6-5ubuntu0.1","binary_name":"mariadb-plugin-provider-lzo"},{"binary_name":"mariadb-plugin-provider-snappy","binary_version":"1:11.8.6-5ubuntu0.1"},{"binary_version":"1:11.8.6-5ubuntu0.1","binary_name":"mariadb-plugin-rocksdb"},{"binary_name":"mariadb-plugin-s3","binary_version":"1:11.8.6-5ubuntu0.1"},{"binary_name":"mariadb-plugin-spider","binary_version":"1:11.8.6-5ubuntu0.1"},{"binary_name":"mariadb-server","binary_version":"1:11.8.6-5ubuntu0.1"},{"binary_name":"mariadb-server-compat","binary_version":"1:11.8.6-5ubuntu0.1"},{"binary_version":"1:11.8.6-5ubuntu0.1","binary_name":"mariadb-server-core"},{"binary_name":"mariadb-test","binary_version":"1:11.8.6-5ubuntu0.1"},{"binary_name":"mariadb-test-data","binary_version":"1:11.8.6-5ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:26.04:LTS","cves":[{"id":"CVE-2026-44168","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-44169","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-44171","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"score":"medium","type":"Ubuntu"}]},{"severity":[{"score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N","type":"CVSS_V4"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-44172"},{"id":"CVE-2026-44173","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2026-48163"},{"id":"CVE-2026-48165","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2026-49261","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8536-1.json"}}],"schema_version":"1.7.5"}