CVE-2026-48165

EUVD-2026-36520
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrep_sst_receive_address or wsrep_sst_donor global system variables to execute shell commands as the uid of the mariadbd process on the galera joiner node. This issue has been patched in versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8 HIGH
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Debian logo
Debian Releases
Debian Product
Codename
mariadb
bookworm
vulnerable
forky
vulnerable
sid
1:11.8.8-1
fixed
trixie
vulnerable
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libmariadbd-devel
suse enterprise sap 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP7
11.8.8-150700.3.15.1
fixed
suse enterprise server 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP6
10.11.18-150600.4.20.1
fixed
suse enterprise server 15 SP7
11.8.8-150700.3.15.1
fixed
libmariadbd19
suse enterprise sap 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP7
11.8.8-150700.3.15.1
fixed
suse enterprise server 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP6
10.11.18-150600.4.20.1
fixed
suse enterprise server 15 SP7
11.8.8-150700.3.15.1
fixed
mariadb
suse enterprise sap 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP7
11.8.8-150700.3.15.1
fixed
suse enterprise server 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP6
10.11.18-150600.4.20.1
fixed
suse enterprise server 15 SP7
11.8.8-150700.3.15.1
fixed
mariadb-client
suse enterprise sap 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP7
11.8.8-150700.3.15.1
fixed
suse enterprise server 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP6
10.11.18-150600.4.20.1
fixed
suse enterprise server 15 SP7
11.8.8-150700.3.15.1
fixed
mariadb-errormessages
suse enterprise sap 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP7
11.8.8-150700.3.15.1
fixed
suse enterprise server 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP6
10.11.18-150600.4.20.1
fixed
suse enterprise server 15 SP7
11.8.8-150700.3.15.1
fixed
mariadb-tools
suse enterprise sap 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise sap 15 SP7
11.8.8-150700.3.15.1
fixed
suse enterprise server 15 SP4
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP5
10.6.27-150400.3.46.1
fixed
suse enterprise server 15 SP6
10.11.18-150600.4.20.1
fixed
suse enterprise server 15 SP7
11.8.8-150700.3.15.1
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://github.com/MariaDB/server/security/advisories/GHSA-7v3p-h23x-8hwv
https://jira.mariadb.org/browse/MDEV-39676