CVE-2026-44169

EUVD-2026-36515
MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been patched in versions 11.4.11, 11.8.7, and 12.3.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Debian logo
Debian Releases
Debian Product
Codename
mariadb
bookworm
vulnerable
forky
vulnerable
sid
1:11.8.8-1
fixed
trixie
vulnerable
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libmariadbd-devel
suse enterprise sap 15 SP7
11.8.8-150700.3.15.1
fixed
suse enterprise server 15 SP7
11.8.8-150700.3.15.1
fixed
libmariadbd19
suse enterprise sap 15 SP7
11.8.8-150700.3.15.1
fixed
suse enterprise server 15 SP7
11.8.8-150700.3.15.1
fixed
mariadb
suse enterprise sap 15 SP7
11.8.8-150700.3.15.1
fixed
suse enterprise server 15 SP7
11.8.8-150700.3.15.1
fixed
mariadb-client
suse enterprise sap 15 SP7
11.8.8-150700.3.15.1
fixed
suse enterprise server 15 SP7
11.8.8-150700.3.15.1
fixed
mariadb-errormessages
suse enterprise sap 15 SP7
11.8.8-150700.3.15.1
fixed
suse enterprise server 15 SP7
11.8.8-150700.3.15.1
fixed
mariadb-tools
suse enterprise sap 15 SP7
11.8.8-150700.3.15.1
fixed
suse enterprise server 15 SP7
11.8.8-150700.3.15.1
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://github.com/MariaDB/server/security/advisories/GHSA-22xq-vq3f-87x2
https://jira.mariadb.org/browse/MDEV-39288