PatchSiren cyber security CVE debrief
CVE-2026-44170 MariaDB CVE debrief
CVE-2026-44170 is a MEDIUM severity vulnerability in MariaDB server versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1. It affects Windows installations with the CONNECT engine and REST support enabled. The CONNECT engine interpolates the table's HTTP attribute into a curl command line without sanitizing it, so an attacker who can create or alter a CONNECT table with a crafted HTTP attribute can execute shell commands on the server.
- Vendor: MariaDB
- Product: server
- CVSS: MEDIUM 6.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Operators of MariaDB server on Windows with the CONNECT engine and REST support enabled, specifically those running versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, or 12.3.1. Installations on other platforms, or without the CONNECT engine, are not affected by this issue.
Technical summary
The CONNECT engine's REST support on Windows fetches remote data by building a curl command line, and the table's HTTP attribute is interpolated into that command line without sanitization. Because the resulting string is interpreted by the shell, quote and metacharacter sequences in the attribute break out of the intended curl argument and run as commands on the server, with the privileges of the MariaDB service process. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
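The bug class described above (in both the opening summary and this technical summary), as an added worked example that is not code from MariaDB or the CONNECT engine: a URL-valued attribute is pasted into a curl command line that a shell re-parses, beside the hardened form that validates the attribute and executes curl through an argument vector with no shell involved. The function names, the constructed payload and the output file name are invented for illustration.

```python
"""Shell command injection through command-line interpolation, and the fix.

Added example for this debrief; it is not code from MariaDB or the CONNECT
engine. It models the bug class the advisory describes: a table attribute
(the HTTP URL) is pasted into a curl command line that a shell then
re-parses. Function names, the payload and the file name are invented.
"""
import re
import subprocess
from urllib.parse import urlsplit

# Constructed attacker-controlled value for a table's HTTP attribute. The
# embedded double quote closes the quoted URL argument, so a shell such as
# cmd.exe sees `& whoami &` as separate commands (a harmless command here).
PAYLOAD = 'https://api.example.invalid/data.json" & whoami & "'


def vulnerable_curl_command(http: str, out_file: str) -> str:
    """Bug pattern: build one string and hand it to the shell.

    Whatever runs this string (system(), cmd /c, subprocess with shell=True)
    tokenises it again, so a quote inside `http` ends the argument early and
    the rest of the value is executed as commands.
    """
    return f'curl -o "{out_file}" "{http}"'


# Characters permitted in a URL by RFC 3986 (unreserved, reserved, and %).
_RFC3986 = re.compile(r"[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]+")


def validate_http_attribute(http: str) -> str:
    """Allowlist check on the attribute before it goes anywhere near curl."""
    parts = urlsplit(http)
    if parts.scheme not in ("http", "https"):
        raise ValueError("HTTP attribute must use http or https")
    if not parts.netloc:
        raise ValueError("HTTP attribute has no host")
    if not _RFC3986.fullmatch(http):
        raise ValueError("HTTP attribute contains characters not allowed in a URL")
    return http


def is_valid_http_attribute(http: str) -> bool:
    """Boolean wrapper around validate_http_attribute for callers and tests."""
    try:
        validate_http_attribute(http)
        return True
    except ValueError:
        return False


def hardened_curl_argv(http: str, out_file: str) -> list:
    """Fix pattern: validate, then build an argument vector.

    Each element reaches curl as exactly one argument and no shell ever
    tokenises the list, so characters that the allowlist legitimately
    permits in URLs (& ; %) are inert. Validation alone would not be enough.
    """
    return ["curl", "--silent", "--show-error", "--fail",
            "-o", out_file, validate_http_attribute(http)]


def fetch(http: str, out_file: str) -> subprocess.CompletedProcess:
    """How the hardened form would be executed (not run in this demo)."""
    return subprocess.run(hardened_curl_argv(http, out_file), check=True)


if __name__ == "__main__":
    print("vulnerable:", vulnerable_curl_command(PAYLOAD, "out.json"))
    print("rejected  :", not is_valid_http_attribute(PAYLOAD))
    print("argv      :", hardened_curl_argv(
        "https://api.example.invalid/data.json?id=1&fmt=json", "out.json"))
```

The two halves of the fix matter for different reasons: the allowlist stops schemes like file:// and any quote or whitespace from being stored in the attribute at all, while the argument vector guarantees that even characters the allowlist must permit in a URL (an ampersand in a query string, for instance) can never be interpreted by a shell.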
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to a patched version of MariaDB server (10.6.26, 10.11.17, 11.4.11, 11.8.7, or 12.3.2) if using a vulnerable version.
- Disable REST support if not required.
- Restrict which database accounts can create or alter CONNECT tables, and inventory existing CONNECT tables that carry an HTTP attribute, since those are the tables whose attribute reaches the curl command line.
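A triage helper for the three actions above, as an added example written for this debrief and not a MariaDB or PatchSiren tool: it checks a server's reported version against the affected ranges the advisory lists, decides whether the build is a Windows one, and picks out the CONNECT tables that carry an HTTP attribute. The information_schema rows are constructed sample data; the assumed layout of CREATE_OPTIONS (engine-defined options rendered as `name`=value) and of @@version_compile_os (a value beginning with "Win" on Windows builds) should be checked against your own server before relying on the result.

```python
"""Affected-version check and inventory of REST-backed CONNECT tables.

Added example for this debrief, not a MariaDB or PatchSiren tool. The
version ranges are the ones the advisory lists. The information_schema
rows are constructed sample data, and the layout assumed for
CREATE_OPTIONS and @@version_compile_os is an assumption to verify.
"""
import re

# (first affected, first fixed) for each series named in the advisory.
AFFECTED_RANGES = [
    ((10, 6, 1), (10, 6, 26)),
    ((10, 11, 1), (10, 11, 17)),
    ((11, 4, 1), (11, 4, 11)),
    ((11, 8, 1), (11, 8, 7)),
    ((12, 3, 1), (12, 3, 2)),
]

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(version_string: str) -> tuple:
    """Accept SELECT VERSION() output such as '10.11.16-MariaDB-log'."""
    m = _VERSION.match(version_string)
    if not m:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    return tuple(int(x) for x in m.groups())


def fixed_version_for(version_string: str):
    """Return the first fixed release for an affected version, else None."""
    v = parse_version(version_string)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= v < first_fixed:
            return ".".join(str(n) for n in first_fixed)
    return None


def is_affected_version(version_string: str) -> bool:
    return fixed_version_for(version_string) is not None


def is_windows_build(version_compile_os: str) -> bool:
    """Assumption: @@version_compile_os reads 'Win64' or 'Win32' on Windows."""
    return version_compile_os.strip().lower().startswith("win")


# Engine-defined option as assumed to appear in CREATE_OPTIONS.
_HTTP_OPTION = re.compile(r"`http`='([^']*)'", re.IGNORECASE)


def rest_connect_tables(rows):
    """From (TABLE_SCHEMA, TABLE_NAME, ENGINE, CREATE_OPTIONS) rows, return
    (schema, table, http) for CONNECT tables whose options carry an HTTP
    attribute: these are the tables whose attribute reaches the curl
    command line."""
    hits = []
    for schema, name, engine, options in rows:
        if (engine or "").upper() != "CONNECT":
            continue
        m = _HTTP_OPTION.search(options or "")
        if m:
            hits.append((schema, name, m.group(1)))
    return hits


def triage(version_string: str, version_compile_os: str, rows) -> dict:
    """Combine version, platform and table inventory into a decision."""
    fixed = fixed_version_for(version_string)
    rest_tables = rest_connect_tables(rows)
    exposed = fixed is not None and is_windows_build(version_compile_os)
    if exposed:
        action = (f"upgrade to {fixed}; until then, drop or lock down the "
                  f"{len(rest_tables)} REST-backed CONNECT table(s) listed")
    elif fixed is not None:
        action = f"not a Windows build, but upgrade to {fixed} at the next window"
    else:
        action = "version not affected"
    return {"exposed": exposed, "fixed_version": fixed,
            "rest_tables": rest_tables, "action": action}


# Constructed rows standing in for:
#   SELECT TABLE_SCHEMA, TABLE_NAME, ENGINE, CREATE_OPTIONS
#   FROM information_schema.TABLES;
SAMPLE_ROWS = [
    ("app", "prices", "CONNECT",
     "`table_type`=JSON `http`='https://feed.example.invalid/prices.json'"),
    ("app", "users", "InnoDB", ""),
    ("etl", "staging", "CONNECT", "`table_type`=CSV `file_name`='staging.csv'"),
    ("etl", "remote_xml", "CONNECT",
     "`table_type`=XML `http`='http://10.0.0.5/export' `uri`='/v1'"),
]

if __name__ == "__main__":
    print(triage("10.11.16-MariaDB-log", "Win64", SAMPLE_ROWS))
```

Feed it the output of `SELECT VERSION()`, `SELECT @@version_compile_os` and the information_schema query in the comment; an affected Windows build with no REST-backed tables still needs the upgrade, because any account that can create a CONNECT table can introduce one.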
Evidence notes
The CVE-2026-44170 vulnerability was patched in MariaDB server versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2. For more information, see [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-44170) and [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-44170).
Official resources
CVE-2026-44170 was published on 2026-06-12T18:16:33.853Z.