PatchSiren cyber security CVE debrief

CVE-2026-47847 Bitnami CVE debrief

The Bitnami MariaDB Galera container images and Helm chart have a hardcoded default credential vulnerability. The MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD environment variables default to 'monitor' and 'monitor', respectively. This user has REPLICATION CLIENT privileges from any host. The Bitnami Helm chart for MariaDB Galera did not expose parameters to configure this user's credentials, resulting in all chart deployments using this publicly known credential by default. Affected versions include container images 10.6.x prior to 10.6.27-photon-5-r0, 10.11.x prior to 10.11.17-photon-5-r1, 11.4.x prior to 11.4.12-photon-5-r0, 11.8.x prior to 11.8.7-photon-5-r1, and 12.3.x prior to 12.3.2-photon-5-r0 / 12.3.2-debian-12-r0, as well as Helm chart versions prior to 18.3.0.

Vendor: Bitnami
Product: bitnami/mariadb-galera
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-18
Original CVE updated: 2026-06-22
Advisory published: 2026-06-18
Advisory updated: 2026-06-22

Who should care

Anyone running the Bitnami MariaDB Galera container images or Helm chart should check whether they are on an affected version, since on those versions every chart deployment uses the publicly known default credential for the replication health-check user.

Technical summary

The vulnerability is caused by hardcoded default credentials for the Galera replication health-check user in the Bitnami MariaDB Galera container images and Helm chart. The MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD environment variables default to 'monitor' and 'monitor', and the resulting account holds REPLICATION CLIENT privileges from any host. Because the credential is public and the grant is not restricted by host, anyone who can reach the database can authenticate as this user, which amounts to unauthorized access to the database.

Defensive priority

MEDIUM

Recommended defensive actions

  • Update to the latest version of the Bitnami MariaDB Galera container image
  • Update to the latest version of the Bitnami Helm chart for MariaDB Galera (version 18.3.0 or later)
  • Configure custom credentials for the Galera replication health-check user
  • Restrict access to the database to only necessary hosts and users
  • Monitor database activity for suspicious behavior
  • Consider implementing additional security measures, such as encryption and access controls
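As an added defensive check (not part of this advisory or of Bitnami's own tooling), the following Python audits a Kubernetes Pod spec against the details above: it compares the bitnami/mariadb-galera image tag with the fixed versions listed in the summary and flags containers whose MARIADB_REPLICATION_PASSWORD is unset or still 'monitor'. The FIXED_VERSIONS table and the sample Pod are constructed from this page; ignoring the photon/debian suffix when comparing versions is an assumption.

```python
import re

# Fixed image versions from the advisory, keyed by major.minor line; the value
# is (patch, Bitnami revision), so 10.6.27-photon-5-r0 becomes (27, 0).
FIXED_VERSIONS = {(10, 6): (27, 0), (10, 11): (17, 1), (11, 4): (12, 0),
                  (11, 8): (7, 1), (12, 3): (2, 0)}
DEFAULT_PASSWORD = "monitor"  # hardcoded MARIADB_REPLICATION_PASSWORD default
# Bitnami tag layout: <major>.<minor>.<patch>-<distro>-<distro version>-r<revision>
TAG_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-[a-z]+-\d+-r(\d+)$")


def image_is_affected(image: str) -> bool:
    """True when a bitnami/mariadb-galera tag is older than the fix for its line.
    Assumption: distro suffix ignored; unparseable tags or unlisted lines are not flagged."""
    if "mariadb-galera" not in image:
        return False
    match = TAG_RE.match(image.rsplit(":", 1)[-1])
    if not match:
        return False
    major, minor, patch, rev = (int(g) for g in match.groups())
    fixed = FIXED_VERSIONS.get((major, minor))
    return fixed is not None and (patch, rev) < fixed


def replication_password_is_default(env: list) -> bool:
    """env is a container's env list from a Pod spec. The default is in effect when
    the variable is absent or literally 'monitor'; a valueFrom (e.g. Secret) counts as set."""
    for entry in env:
        if entry.get("name") == "MARIADB_REPLICATION_PASSWORD":
            return "valueFrom" not in entry and entry.get("value") == DEFAULT_PASSWORD
    return True


def audit_pod(pod: dict) -> list:
    """Return one finding per problem in the Pod's mariadb-galera containers."""
    findings = []
    for c in pod["spec"]["containers"]:
        image = c.get("image", "")
        if "mariadb-galera" not in image:
            continue
        if image_is_affected(image):
            findings.append(f"{c['name']}: image {image} predates the fixed release")
        if replication_password_is_default(c.get("env", [])):
            findings.append(f"{c['name']}: MARIADB_REPLICATION_PASSWORD is the default")
    return findings


# Constructed sample resembling a Pod from a pre-18.3.0 chart deployment.
SAMPLE_POD = {"spec": {"containers": [{
    "name": "mariadb-galera",
    "image": "docker.io/bitnami/mariadb-galera:10.11.16-photon-5-r2",
    "env": [{"name": "MARIADB_REPLICATION_USER", "value": "monitor"}]}]}}
```

Feed it the JSON of a live Pod (for example from `kubectl get pod -o json`) instead of SAMPLE_POD to audit a running cluster; the two findings for the sample are the image and the unset password.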

Evidence notes

The information provided is based on the CVE record and NVD details. The vulnerability was published on June 18, 2026, and modified on the same day. The source item URL provides additional information on the vulnerability.
