PT-2026-45150 · Mariadb Foundation · Mariadb

Published

2026-05-26

Updated

2026-06-16

CVE-2026-44172

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MariaDB server versions 3.3.18 MariaDB server versions 3.4.8

Description An issue exists where applications using the big5 character set and text protocol are susceptible to SQL injections. This occurs when non-validated user input is processed by the mysql real escape string() function, which fails to properly prevent the injection in this specific configuration.

Recommendations Update MariaDB server version 3.3.18 to 3.3.19. Update MariaDB server version 3.4.8 to 3.4.9.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

BIT-MARIADB-2026-44172

BIT-MARIADB-MIN-2026-44172

BIT-MYSQL-CLIENT-2026-44172

CVE-2026-44172

ECHO-6EA8-C8B9-7DDA

OPENSUSE-SU-2026:10897-1

OPENSUSE-SU-2026:20933-1

SUSE-SU-2026:22095-1

SUSE-SU-2026:2330-1

Affected Products

Mariadb

PT-2026-45150 · Mariadb Foundation · Mariadb

CVE-2026-44172

Weakness Enumeration

Related Identifiers

Affected Products

References · 38