CVE-2026-44171

EUVD-2026-36516
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contain such paths, but a specially crafted archive could have caused mbstream to create files outside of the target-dir path. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Debian logo
Debian Releases
Debian Product
Codename
mariadb
bookworm
vulnerable
forky
vulnerable
sid
1:11.8.8-1
fixed
trixie
vulnerable
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libmariadbd-devel
suse enterprise sap 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP7
11.8.8-150700.3.15.1
fixed
suse enterprise server 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP6
10.11.18-150600.4.20.1
fixed
suse enterprise server 15 SP7
11.8.8-150700.3.15.1
fixed
libmariadbd19
suse enterprise sap 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP7
11.8.8-150700.3.15.1
fixed
suse enterprise server 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP6
10.11.18-150600.4.20.1
fixed
suse enterprise server 15 SP7
11.8.8-150700.3.15.1
fixed
mariadb
suse enterprise sap 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP7
11.8.8-150700.3.15.1
fixed
suse enterprise server 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP6
10.11.18-150600.4.20.1
fixed
suse enterprise server 15 SP7
11.8.8-150700.3.15.1
fixed
mariadb-client
suse enterprise sap 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP7
11.8.8-150700.3.15.1
fixed
suse enterprise server 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP6
10.11.18-150600.4.20.1
fixed
suse enterprise server 15 SP7
11.8.8-150700.3.15.1
fixed
mariadb-errormessages
suse enterprise sap 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP7
11.8.8-150700.3.15.1
fixed
suse enterprise server 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP6
10.11.18-150600.4.20.1
fixed
suse enterprise server 15 SP7
11.8.8-150700.3.15.1
fixed
mariadb-tools
suse enterprise sap 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP7
11.8.8-150700.3.15.1
fixed
suse enterprise server 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP6
10.11.18-150600.4.20.1
fixed
suse enterprise server 15 SP7
11.8.8-150700.3.15.1
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://github.com/MariaDB/server/security/advisories/GHSA-9pjh-5hhw-65v9
https://jira.mariadb.org/browse/MDEV-39408