CVE-2026-44173

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privilege if the FROM clause contained only subqueries. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://github.com/MariaDB/server/security/advisories/GHSA-667j-m53j-wpmc	Vendor Advisory
https://jira.mariadb.org/browse/MDEV-39493	Third Party Advisory Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mariadb:mariadb::::::::
	cpe:2.3:a:mariadb:mariadb::::::::
	cpe:2.3:a:mariadb:mariadb::::::::
	cpe:2.3:a:mariadb:mariadb::::::::
	cpe:2.3:a:mariadb:mariadb:12.3.1:::::::*

History

16 Jun 2026, 19:04

Type	Values Removed	Values Added
First Time		Mariadb mariadb Mariadb
References	~~() https://github.com/MariaDB/server/security/advisories/GHSA-667j-m53j-wpmc -~~	() https://github.com/MariaDB/server/security/advisories/GHSA-667j-m53j-wpmc - Vendor Advisory
References	~~() https://jira.mariadb.org/browse/MDEV-39493 -~~	() https://jira.mariadb.org/browse/MDEV-39493 - Third Party Advisory, Issue Tracking
CPE		cpe:2.3:a:mariadb:mariadb:::::::: cpe:2.3:a:mariadb:mariadb:12.3.1:::::::*

12 Jun 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-12 18:16

Updated : 2026-06-16 19:04

NVD link : CVE-2026-44173

Mitre link : CVE-2026-44173

CVE.ORG link : CVE-2026-44173

JSON object : View

Products Affected

mariadb

mariadb

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2026-44173", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2026-06-12T18:16:34.257", "references": [{"url": "https://github.com/MariaDB/server/security/advisories/GHSA-667j-m53j-wpmc", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://jira.mariadb.org/browse/MDEV-39493", "tags": ["Third Party Advisory", "Issue Tracking"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privilege if the FROM clause contained only subqueries. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2."}], "lastModified": "2026-06-16T19:04:35.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18373B5D-2024-48F6-812A-B3E28D6E7F2D", "versionEndExcluding": "10.6.26", "versionStartIncluding": "10.6.1"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94C3F42B-E2B4-4969-8925-78EE56F56FC9", "versionEndExcluding": "10.11.17", "versionStartIncluding": "10.11.1"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE5BBBEB-2714-4C1F-8662-23C932A72725", "versionEndExcluding": "11.4.11", "versionStartIncluding": "11.4.1"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C894B8F-EBFD-4835-8245-CDC7230CBC0D", "versionEndExcluding": "11.8.7", "versionStartIncluding": "11.8.1"}, {"criteria": "cpe:2.3:a:mariadb:mariadb:12.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57DFA226-8D97-4A19-8A62-426042F5416D"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}