PatchSiren cyber security CVE debrief
CVE-2026-44173 MariaDB CVE debrief
CVE-2026-44173 is a vulnerability in MariaDB server, a community-developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privilege if the FROM clause contained only subqueries. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
- Vendor
- MariaDB
- Product
- server
- CVSS
- MEDIUM 5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Users of MariaDB server versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1 should be aware of this vulnerability and take necessary actions to upgrade to patched versions.
Technical summary
The vulnerability has a CVSS score of 5 and a severity of MEDIUM. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L. The weakness is classified as CWE-863.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to MariaDB server versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, or 12.3.2, or later.
Evidence notes
The vulnerability was patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
Official resources
CVE-2026-44173 was published on 2026-06-12T18:16:34.257Z and has not been modified since then.