CVE-2026-32710

Published: Mar 20, 2026Modified: Mar 31, 2026

9.9

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 3.1 / Impact: 6.0

Source: NVD

Description

MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.

Affected (3)

Products: Mariadb: Mariadb

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Mariadb Mariadb	From 11.4.1 to 11.4.10
Mariadb Mariadb	From 11.8.1 to 11.8.6
Mariadb Mariadb	Version 12.1.2

Related CWEs

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References (2)

https://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc

Source: security-advisories@github.com

Vendor Advisory

https://jira.mariadb.org/browse/MDEV-38356

Source: security-advisories@github.com

Vendor AdvisoryIssue Tracking

Timeline

No history available yet.