PatchSiren cyber security CVE debrief
CVE-2026-44169 MariaDB CVE debrief
CVE-2026-44169 is a vulnerability in MariaDB server, a community-developed fork of MySQL server. The issue affects versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1. A user who gains EXECUTE access to a stored routine via a role can view the routine definition, even without having the SHOW CREATE ROUTINE privilege. This vulnerability has been patched in versions 11.4.11, 11.8.7, and 12.3.2.
- Vendor: MariaDB
- Product: server
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of MariaDB server, particularly those using versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, should be aware of this vulnerability and take steps to update to a patched version.
Technical summary
The vulnerability allows users with EXECUTE access to a stored routine via a role to see the routine definition without needing the SHOW CREATE ROUTINE privilege. This could potentially lead to information disclosure.
Defensive priority
MEDIUM
Recommended defensive actions
- Update to MariaDB server version 11.4.11, 11.8.7, or 12.3.2, or later.
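To decide which servers need the update, the affected ranges above can be checked against an inventory of version strings. The following is an added example, not code from the advisory or from MariaDB; it assumes version strings in the form returned by `SELECT VERSION()`, and the host names and version strings are constructed.

```python
import re

# Affected branches as stated in the advisory: (first affected, first fixed).
AFFECTED = [
    ((11, 4, 1), (11, 4, 11)),
    ((11, 8, 1), (11, 8, 7)),
    ((12, 3, 1), (12, 3, 2)),
]

def parse_version(banner):
    """Return (major, minor, patch) from a string like '11.4.5-MariaDB-log'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", banner or "")
    return tuple(int(g) for g in m.groups()) if m else None

def assess(banner):
    """Classify one server; returns (status, fixed_version_or_None)."""
    version = parse_version(banner)
    if version is None:
        return ("unparsed", None)
    for first_bad, first_fixed in AFFECTED:
        if version[:2] != first_bad[:2]:
            continue
        fixed = ".".join(map(str, first_fixed))
        if version >= first_fixed:
            return ("patched", fixed)
        if version >= first_bad:
            return ("affected", fixed)
    # Branch or release not named by the advisory: make no claim either way.
    return ("not-listed", None)

# Constructed inventory (hypothetical hosts and version strings).
INVENTORY = {
    "db-a": "11.4.5-MariaDB-ubu2404",
    "db-b": "11.8.7-MariaDB",
    "db-c": "12.3.1-MariaDB-log",
    "db-d": "10.11.9-MariaDB",
    "db-e": "version unavailable",
}

def report(inventory):
    """Map each host to its (status, fixed_version) classification."""
    return {host: assess(banner) for host, banner in inventory.items()}

if __name__ == "__main__":
    for host, (status, fixed) in report(INVENTORY).items():
        print(f"{host}: {status}" + (f" (fixed in {fixed})" if fixed else ""))
```

Versions on branches the advisory does not name are reported as `not-listed` rather than as safe, since the page makes no statement about them.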
Evidence notes
The CVE-2026-44169 vulnerability was patched in MariaDB server versions 11.4.11, 11.8.7, and 12.3.2. Users should update to one of these versions to mitigate the vulnerability.
Official resources
CVE-2026-44169 was published on 2026-06-12T18:16:33.713Z and has a CVSS score of 4.3, indicating a MEDIUM severity vulnerability.