PT-2026-22790 · Mariadb Foundation+1 · Mariadb+1
Published
2026-03-03
·
Updated
2026-05-29
·
CVE-2026-3494
CVSS v4.0
5.3
Medium
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
MariaDB versions through 11.8.5
Description
When the server audit plugin is enabled with the
server audit events variable configured with QUERY DCL, QUERY DDL, or QUERY DML filtering, SQL statements prefixed with double-hyphen (—) or hash (#) style comments, invoked by an authenticated database user, are not logged. This occurs in MariaDB server versions through 11.8.5.Recommendations
Versions prior to 11.8.6 should be updated.
Exploit
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mariadb
Red Os