CVE-2026-32710
Published 2026-03-20
Priority: P2 (66) · critical · 9.9 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.86% (53.8th percentile)
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mariadb | < mariadb 1:11.8.6-1 (forky) | mariadb 1:11.8.6-1 (forky) |
| mariadb | mariadb | — | — |
| mariadb | mariadb | >= 0 < 1:11.8.6-0+deb13u1 | 1:11.8.6-0+deb13u1 |
| mariadb | mariadb | >= 0 < 1:11.8.6-1 | 1:11.8.6-1 |
| mariadb | mariadb | >= 11.4.1 < 11.4.10 | 11.4.10 |
| mariadb | mariadb | >= 11.8.1 < 11.8.6 | 11.8.6 |
| mariadb | server | — | — |
| mariadb | server | — | — |
| mariadb | server | — | — |
Detection & IOCs (extracted from sources)
- Trigger function: exploitation involves invoking the JSON_SCHEMA_VALID() SQL function; monitor authenticated database sessions calling JSON_SCHEMA_VALID() for anomalous or crash-inducing inputs
- Affected component is the JSON_SCHEMA_VALID() function in MariaDB; alert on server crashes (SIGSEGV/abort) originating from JSON schema validation code paths
- Affected versions: MariaDB 11.4.x before 11.4.10 and 11.8.x before 11.8.6; inventory and flag any deployments running these version ranges
- On Red Hat Enterprise Linux 9, the affected package is mariadb:11.8/mariadb; scan RHEL 9 hosts for this specific stream
- On Red Hat Enterprise Linux 10, the affected package is mariadb11.8; scan RHEL 10 hosts for this package
- Debian fixed versions are 1:11.8.6-1 (forky/sid) and 1:11.8.6-0+deb13u1 (trixie); flag Debian hosts with mariadb packages older than these versions
- RCE is only theoretically achievable under tightly controlled memory layout conditions; in practice the vulnerability manifests as a crash/DoS for most real-world deployments
- Red Hat has no available mitigation meeting their deployment/ease-of-use criteria; patching to fixed versions is the only remediation path
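Added example, not code from any of the sources on this page: a small Python triage helper that implements the version-range check the detection notes call for, over the version strings an inventory usually collects (SELECT VERSION() output, dpkg and rpm package versions). The 11.4 and 11.8 ranges come from the affected table; treating 12.x before 12.2.2 as affected is an assumption derived from the "fixed in 12.2.2" note and VulDB's "up to 12.2.1", and all hostnames and version strings in the sample inventory are constructed.

```python
"""Triage helper for CVE-2026-32710 (MariaDB JSON_SCHEMA_VALID() crash): parses
the version strings an inventory collects (SELECT VERSION() output, dpkg and
rpm package versions) and flags the ranges the advisory lists as affected."""
import re
from typing import List, Optional, Tuple

# Affected ranges as [first affected, first fixed) per release series.
# 11.4 and 11.8 come from the advisory table. The 12.2 entry is an
# ASSUMPTION derived from "fixed in 12.2.2" / VulDB's "up to 12.2.1".
AFFECTED_RANGES = {
    "11.4": ((11, 4, 1), (11, 4, 10)),
    "11.8": ((11, 8, 1), (11, 8, 6)),
    "12.2": ((12, 2, 0), (12, 2, 2)),  # assumption, see note above
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(raw: str) -> Optional[Tuple[int, int, int]]:
    """Extract MAJOR.MINOR.PATCH from SELECT VERSION() output such as
    '11.8.5-MariaDB-1:11.8.5+maria~ubu2404', a dpkg version with epoch and
    revision such as '1:11.8.6-0+deb13u1', or an rpm NEVRA fragment such as
    'mariadb-server-11.8.5-1.el10'. Returns None if no version is present."""
    s = raw.strip()
    # Drop a Debian epoch ('1:') so the upstream version is the first triple.
    if re.match(r"^\d+:", s):
        s = s.split(":", 1)[1]
    m = _VERSION_RE.search(s)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(raw: str) -> Optional[bool]:
    """True if in an affected range, False if not, None if unparsable
    (surface those for manual review rather than silently passing them)."""
    v = parse_version(raw)
    if v is None:
        return None
    rng = AFFECTED_RANGES.get(f"{v[0]}.{v[1]}")
    if rng is None:
        return False
    first_affected, first_fixed = rng
    return first_affected <= v < first_fixed


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Label each (host, version_string) pair AFFECTED / not affected / REVIEW."""
    labels = {True: "AFFECTED", False: "not affected", None: "REVIEW"}
    return [(host, raw, labels[is_affected(raw)]) for host, raw in inventory]


# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE_INVENTORY = [
    ("db-01", "11.8.5-MariaDB-1:11.8.5+maria~ubu2404"),  # affected 11.8.x
    ("db-02", "1:11.8.6-0+deb13u1"),                     # Debian trixie fix
    ("db-03", "mariadb-server-11.4.9-1.el9"),            # affected 11.4.x
    ("db-04", "10.11.9-MariaDB"),                        # 10.11 not affected
    ("db-05", "11.4.10-MariaDB-log"),                    # fixed release
    ("db-06", "unknown"),                                # needs manual review
]

if __name__ == "__main__":
    for host, raw, label in triage(SAMPLE_INVENTORY):
        print(f"{host:8} {label:13} {raw}")
```

Unparsable strings are reported as REVIEW rather than dropped, so a host whose version could not be collected still shows up in the triage output.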
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| osv | — | 9.9 | CRITICAL | — |
| vendor_debian | — | 8.5 | LOW | — |
| vendor_redhat | — | 8.5 | HIGH | — |
VulDB
MariaDB Server up to 11.4.9/11.8.5/12.2.1 JSON_SCHEMA_VALID heap-based overflow (GHSA-4rj5-2227-9wgc / EUVD-2026-13764)
vuldb·2026-06-24·CVSS 9.9
CVE-2026-32710 [CRITICAL] MariaDB Server up to 11.4.9/11.8.5/12.2.1 JSON_SCHEMA_VALID heap-based overflow (GHSA-4rj5-2227-9wgc / EUVD-2026-13764)
A vulnerability was found in MariaDB Server up to 11.4.9/11.8.5/12.2.1. It has been classified as critical. This impacts the function JSON_SCHEMA_VALID. Performing a manipulation results in heap-based buffer overflow.
This vulnerability is cataloged as CVE-2026-32710. It is possible to initiate the attack remotely. There is no exploit available.
Upgrading the affected component is recommended.
OSV
CVE-2026-32710: MariaDB server is a community developed fork of MySQL server
osv·2026-03-20·CVSS 9.9
CVE-2026-32710 [CRITICAL] CVE-2026-32710: MariaDB server is a community developed fork of MySQL server
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.
Red Hat
MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability
vendor_redhat·2026-03-20·CVSS 8.5
CVE-2026-32710 [HIGH] CWE-120 MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.
A flaw was found in MariaDB. An authenticated user can exploit a vulnerability in the `JSON_SCHEMA_VALID()` function, which may lead to a server crash, resulting in a denial of service. Under specific and con
Debian
CVE-2026-32710: mariadb - MariaDB server is a community developed fork of MySQL server. An authenticated u...
vendor_debian·2026·CVSS 8.5
CVE-2026-32710 [HIGH] CVE-2026-32710: mariadb - MariaDB server is a community developed fork of MySQL server. An authenticated u...
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.
Scope: local
bookworm: resolved
forky: resolved (fixed in 1:11.8.6-1)
sid: resolved (fixed in 1:11.8.6-1)
trixie: resolved (fixed in 1:11.8.6-0+deb13u1)
No detection rules found.
No public exploits indexed.
Hackernews
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
blogs_hackernews·2026-05-11·CVSS 9.3
CVE-2026-6973 [CRITICAL] ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
## ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Rough Monday.
Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One report this week basically reads like a guy tripped over root access by accident and decided to stay there.
The weird part is how normal this all sounds now. Fake updates. Quiet backdoors. Remote tools are used like skeleton keys. Forum rats swapping st
Wiz
The CVE Database: Curated Vulnerability Intelligence by Wiz | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-35616 [CRITICAL] The CVE Database: Curated Vulnerability Intelligence by Wiz | Wiz
## Wiz Vulnerability Database
A comprehensive resource for monitoring high-profile vulnerabilities in cloud environments, tailored for security teams and cloud professionals
See how Wiz detects exploitable vulnerabilities across cloud workloads. Watch 12-min demo
## Explore by technology
## Popular filters
## High Profile
CVE ID
Severity
Score
Technologies
Component name
CISA KEV exploit
Has fix
Published date
CVE-2026-35616
CRITICAL
9.8
FortiClient EMS
cpe:2.3:a:fortinet:forticlient_enterprise_management_server
Yes
Yes
Apr 04, 2026
GHSA-69fq-xp46-6x23
CRITICAL
9.4
N/A
github.com/aquasecurity/trivy
No
Yes
Mar 24, 2026
CVE-2026-3055
CRITICAL
9.3
Citrix ADC VPX
cpe:2.3:a:citrix:netscaler_application_delivery_controller
Yes
Yes
Mar 23, 2026
CVE-2026-
Wiz
CVE-2026-3494 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.0
CVE-2026-3494 [HIGH] CVE-2026-3494 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3494: MariaDB Server vulnerability analysis and mitigation
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (--) or hash (#) style comments, the statement is not logged.
Source : NVD
Score: 5.3
Published: March 3, 2026
Severity: MEDIUM
CNA Score: 5.3
Affected Technologies: MariaDB Server, MariaDB Client
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 3.1
Exploitation Probability (EPSS): N/A
Affected packages and libraries
mariadb:10.3::mariadb-gssapi-server
mariadb:
Wiz
CVE-2026-35549 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.0
CVE-2026-35549 [HIGH] CVE-2026-35549 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-35549: MariaDB Server vulnerability analysis and mitigation
An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256_crypt_r uses alloca.
Source : NVD
Score: 6.5
Published: April 3, 2026
Severity: MEDIUM
CNA Score: 6.5
Affected Technologies: MariaDB Server, MariaDB Client
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 14.4
Exploitation Probability (EPSS): N/A
Affected packages and libraries
mariadb:10.11::mariadb-backup
mariadb-server
Sources
NVD
Wiz
CVE-2025-13699 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.0
CVE-2025-13699 [HIGH] CVE-2025-13699 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-13699: MariaDB Server vulnerability analysis and mitigation
MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the handling of view names. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27000.
Source : NVD
Score: 7
Published: December 23, 2025
Severity: HIGH
CNA Score: 7.0
Affecte
Wiz
CVE-2026-32710 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.0
CVE-2026-32710 [HIGH] CVE-2026-32710 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32710: MariaDB Server vulnerability analysis and mitigation
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.
Source : NVD
Score: 9.9
Published: March 20, 2026
Severity: CRITICAL
CNA Score: 8.5
High-profile Vulnerability: Yes
Affected Technologies: MariaDB Server, MariaDB Client
Has Public Exploit: No
Has CISA KEV Exploit: No
CISA KEV Release
Bugzilla
CVE-2026-32710 mariadb10.11: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability [fedora-43]
bugzilla·2026-03-23·CVSS 9.9
CVE-2026-32710 [CRITICAL] CVE-2026-32710 mariadb10.11: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
Based on: https://www.cve.org/CVERecord?id=CVE-2026-32710
fixed by: https://github.com/MariaDB/server/commit/93ef1236002fb42725770f076e7be712c87ea403
which is part of upstream releases: 11.8.6
Major releases 10.11 and are not affected as per: https://jira.mariadb.org/browse/MDEV-38356
Bugzilla
CVE-2026-32710 mariadb10.11: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability [fedora-42]
bugzilla·2026-03-23·CVSS 9.9
CVE-2026-32710 [CRITICAL] CVE-2026-32710 mariadb10.11: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '42'.
Package Maintainer: If you wish for this bug to remain open because you
plan to
Bugzilla
CVE-2026-32710 mariadb11.8: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability [fedora-42]
bugzilla·2026-03-23·CVSS 9.9
CVE-2026-32710 [CRITICAL] CVE-2026-32710 mariadb11.8: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '42'.
Package Maintainer: If you wish for this bug to remain open because you
plan to
Bugzilla
CVE-2026-32710 mariadb11.8: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability [fedora-43]
bugzilla·2026-03-23·CVSS 9.9
CVE-2026-32710 [CRITICAL] CVE-2026-32710 mariadb11.8: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability [fedora-43]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Discussion:
Based on: https://www.cve.org/CVERecord?id=CVE-2026-32710
fixed by: https://github.com/MariaDB/server/commit/93ef1236002fb42725770f076e7be712c87ea403
which is part of upstream releases: 11.8.6
Major releases 10.11 and are not affected as per: https://jira.mariadb.org/browse/MDEV-38356
Bugzilla
CVE-2026-32710 MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability
bugzilla·2026-03-20·CVSS 9.9
CVE-2026-32710 [CRITICAL] CVE-2026-32710 MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 10
Via RHSA-2026:19021 https://access.redhat.com/errata/RHSA-2026:19021
---
This issue has bee
Published: 2026-03-20