PT-2026-29985 · Mariadb · Mariadb Server

Pavel Kohout · Published 2026-04-03 · Updated 2026-05-29 · CVE-2026-35549

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

MariaDB Server versions prior to 11.4.10
MariaDB Server versions 11.5.0 through 11.8.5
MariaDB Server versions prior to 12.2.2

Description

MariaDB Server is susceptible to a crash when using the caching_sha2_password authentication plugin with certain user accounts. This occurs because the sha256_crypt_r function utilizes alloca, and a large packet can trigger a server crash.
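
The failure mode named in the description, shown as an added example: it is constructed for illustration and is neither MariaDB's code nor the project's fix. The function names, `MAX_KEY_LEN` and the FNV-1a stand-in digest are assumptions made for this sketch.

```c
/* Constructed illustration of the bug class; not MariaDB source. */
#include <alloca.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_KEY_LEN 256u /* assumed cap, chosen for this example only */

/* Stand-in digest (FNV-1a) so the example is self-contained. */
static uint32_t toy_digest(const unsigned char *p, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return h;
}

/* Risky: stack allocation sized by a peer-controlled length. alloca() cannot
 * report failure; an oversized request pushes the stack pointer beyond the
 * stack limit and the first access typically faults. */
uint32_t hash_key_unbounded(const unsigned char *key, size_t key_len)
{
    unsigned char *copy = alloca(key_len ? key_len : 1);
    memcpy(copy, key, key_len);
    return toy_digest(copy, key_len);
}

/* Bounded: reject over-long input first, then use a fixed-size buffer. */
int hash_key_bounded(const unsigned char *key, size_t key_len, uint32_t *out)
{
    unsigned char copy[MAX_KEY_LEN];
    if (key == NULL || out == NULL || key_len > MAX_KEY_LEN)
        return -1;
    memcpy(copy, key, key_len);
    *out = toy_digest(copy, key_len);
    return 0;
}

int main(void)
{
    const unsigned char key[] = "constructed-sample-key";
    uint32_t h = 0;
    int rc = hash_key_bounded(key, sizeof key - 1, &h);
    printf("bounded rc=%d digest=%08x\n", rc, (unsigned)h);
    return rc == 0 ? 0 : 1;
}
```

The bounded form turns an over-long input into an ordinary error return that the caller can treat as an authentication failure, rather than a process crash.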

Recommendations

Update MariaDB Server to version 11.4.10 or later.
Update MariaDB Server to version 11.8.6 or later.
Update MariaDB Server to version 12.2.2 or later.

Related Identifiers

CVE-2026-35549
OPENSUSE-SU-2026:10897-1

Affected Products

Mariadb Server