MariaDB Vulnerabilities Open Paths for Invalid Information Repository Entry

EXECUTIVE SUMMARY:

A set of vulnerabilities have been found in MariaDB server installations. The flaws span remote code execution (RCE), unauthorized data manipulation, and structural bypass of security controls, enabling attackers to compromise database integrity and extract sensitive information. Given MariaDB’s prevalence across millions of enterprise and cloud environments, the exposure presents a substantial risk to the confidentiality, integrity, and availability of critical business data. Organizations relying on affected deployments face potential data breaches, service disruption, and regulatory fallout if the vulnerabilities are exploited.[emaillocker id="1283"]

CVE-2026-49261 with a CVSS score of 10.0 – An unauthenticated remote code execution vulnerability that allows an external attacker to execute arbitrary commands on the database server without prior access, requiring only network connectivity to the vulnerable MariaDB instance.

CVE-2026-48165 with a CVSS score of 8.0 – A high‑severity flaw affecting multiple MariaDB releases that enables attackers to bypass security boundaries and manipulate database storage, exploitable by a remote adversary against unpatched servers.

CVE-2026-48163 with a CVSS score of 8.0 – This vulnerability permits unauthorized modification of database structures, with exploitation possible by attackers who can reach the affected MariaDB service.

RECOMMENDATION:

• We recommend you to update MariaDB to version 11.8.8, 11.4.12, 10.11.18 or 10.6.27 or later.

REFERENCES:

The following reports contain further technical details:

https://securityonline.info/mariadb-security-flaw-cvss-10/