PatchSiren cyber security CVE debrief
CVE-2026-44168 MariaDB CVE debrief
CVE-2026-44168 is a high-severity vulnerability in MariaDB server, allowing a malicious joiner to execute arbitrary shell commands on the donor side via the mariabackup SST method. The vulnerability affects MariaDB server versions from 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1. The issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
- Vendor
- MariaDB
- Product
- server
- CVSS
- HIGH 8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Users of MariaDB server, particularly those using versions from 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, should apply the patches to prevent potential command injection attacks.
Technical summary
The vulnerability occurs during the SST (Semi-Synchronous Replication) process, where the donor node interpolates parameters sent by the joiner into the command line. Insufficient validation of these parameters allows a malicious joiner to execute arbitrary shell commands on the donor side.
Defensive priority
High
Recommended defensive actions
- Apply patches: Upgrade to MariaDB server versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, or 12.3.2, or later.
- Restrict access: Limit access to the MariaDB server to trusted users and networks.
- Monitor for suspicious activity: Regularly monitor the MariaDB server for signs of unauthorized access or malicious activity.
Evidence notes
The CVE-2026-44168 vulnerability has been confirmed by the MariaDB server community and has been assigned a CVSS score of 8 (High).
Official resources
CVE-2026-44168 was published on 2026-06-12T18:16:33.577Z and has not been modified since then.