CVE-2026-32710

MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.

CVSS v3 8.5 HIGH

8.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc	Vendor Advisory
https://jira.mariadb.org/browse/MDEV-38356	Vendor Advisory Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mariadb:mariadb::::::::
	cpe:2.3:a:mariadb:mariadb::::::::
	cpe:2.3:a:mariadb:mariadb:12.1.2:::::::*

History

31 Mar 2026, 21:13

Type	Values Removed	Values Added
Summary		(es) El servidor MariaDB es una bifurcación desarrollada por la comunidad del servidor MySQL. Un usuario autenticado puede provocar la caída de las versiones de MariaDB 11.4 anteriores a la 11.4.10 y 11.8 anteriores a la 11.8.6 a través de un error en la función JSON_SCHEMA_VALID(). Bajo ciertas condiciones, podría ser posible convertir la caída en una ejecución remota de código. Estas condiciones requieren un control estricto sobre la disposición de la memoria, lo cual generalmente solo es alcanzable en un entorno de laboratorio. Este problema está solucionado en MariaDB 11.4.10, MariaDB 11.8.6 y MariaDB 12.2.2.
CPE		cpe:2.3:a:mariadb:mariadb:::::::: cpe:2.3:a:mariadb:mariadb:12.1.2:::::::*
References	~~() https://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc -~~	() https://github.com/MariaDB/server/security/advisories/GHSA-4rj5-2227-9wgc - Vendor Advisory
References	~~() https://jira.mariadb.org/browse/MDEV-38356 -~~	() https://jira.mariadb.org/browse/MDEV-38356 - Vendor Advisory, Issue Tracking
First Time		Mariadb mariadb Mariadb

20 Mar 2026, 19:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-20 19:16

Updated : 2026-03-31 21:13

NVD link : CVE-2026-32710

Mitre link : CVE-2026-32710

CVE.ORG link : CVE-2026-32710

JSON object : View

Products Affected

mariadb

mariadb

CWE

CWE-122

Heap-based Buffer Overflow

8.5 /10