cbcvebase.
CVE-2026-32710
published 2026-03-20

Priority: P266
CVSS 3.1: 9.9 critical (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS: 0.86% (53.8th percentile)
MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.

Affected (9 ranges)

Vendor    Product   Version range                    Fixed in
debian    mariadb   < mariadb 1:11.8.6-1 (forky)     mariadb 1:11.8.6-1 (forky)
mariadb   mariadb   (not stated)                     (not stated)
mariadb   mariadb   >= 0 < 1:11.8.6-0+deb13u1        1:11.8.6-0+deb13u1
mariadb   mariadb   >= 0 < 1:11.8.6-1                1:11.8.6-1
mariadb   mariadb   >= 11.4.1 < 11.4.10              11.4.10
mariadb   mariadb   >= 11.8.1 < 11.8.6               11.8.6
mariadb   server    (not stated)                     (not stated)
mariadb   server    (not stated)                     (not stated)
mariadb   server    (not stated)                     (not stated)

Detection & IOCs (extracted from sources)

  • Trigger function: exploitation involves invoking the JSON_SCHEMA_VALID() SQL function; monitor authenticated database sessions calling JSON_SCHEMA_VALID() for anomalous or crash-inducing inputs
  • Affected component is the JSON_SCHEMA_VALID() function in MariaDB; alert on server crashes (SIGSEGV/abort) originating from JSON schema validation code paths
  • Affected versions: MariaDB 11.4.x before 11.4.10 and 11.8.x before 11.8.6; inventory and flag any deployments running these version ranges
  • On Red Hat Enterprise Linux 9, the affected package is mariadb:11.8/mariadb; scan RHEL 9 hosts for this specific stream
  • On Red Hat Enterprise Linux 10, the affected package is mariadb11.8; scan RHEL 10 hosts for this package
  • Debian fixed version is 1:11.8.6-1 (forky/sid) and 1:11.8.6-0+deb13u1 (trixie); flag Debian hosts with mariadb packages older than these versions
  • RCE is only theoretically achievable under tightly controlled memory-layout conditions; in practice the vulnerability manifests as a crash/DoS for most real-world deployments
  • Red Hat lists no mitigation that meets its criteria for ease of use and deployment; upgrading to the fixed versions is the only remediation path
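The two detection points above (inventory hosts in the affected version ranges; watch for sessions calling JSON_SCHEMA_VALID()) can be scripted. The following is an added example, not code from this page, from MariaDB or from any of the cited vendors. It assumes the version string comes from SELECT VERSION() in its usual suffixed form (e.g. 11.4.7-MariaDB-ubu2404) and that query activity is available as MariaDB general-log lines written to a file ("<time>\t<connection id> Query\t<sql>"). The sample log lines are constructed for illustration; the affected ranges are taken from the table above, so the 12.x series, which the page does not list as an affected range, is deliberately not checked.

```python
import re

# Affected ranges from the advisory's table, as half-open [first_affected, fixed):
# 11.4.1 <= v < 11.4.10 and 11.8.1 <= v < 11.8.6. The 12.x series is not listed
# as an affected range on the page, so it is deliberately not checked here.
AFFECTED_RANGES = (
    ((11, 4, 1), (11, 4, 10)),
    ((11, 8, 1), (11, 8, 6)),
)

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_mariadb_version(version_string):
    """Return (major, minor, patch) from a MariaDB VERSION() string.

    Accepts the suffixed forms the server emits, e.g. '11.4.7-MariaDB-ubu2404'
    or '11.8.5-MariaDB-log'. Only the leading X.Y.Z is used; packaging
    suffixes are ignored.
    """
    m = _VERSION_RE.match(version_string)
    if not m:
        raise ValueError(f"unrecognised MariaDB version string: {version_string!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version_string):
    """True if the server version falls inside an unpatched range."""
    v = parse_mariadb_version(version_string)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


# Statement portion of a MariaDB general-log line written to a file:
# "<time>\t<conn id> Query\t<sql>". Captures the connection id and the SQL.
_GENERAL_LOG_QUERY_RE = re.compile(r"\s+(\d+)\s+Query\t(.*)$")
# Function name, case-insensitive, with optional whitespace before '('.
_JSON_SCHEMA_VALID_RE = re.compile(r"\bJSON_SCHEMA_VALID\s*\(", re.IGNORECASE)


def find_json_schema_valid_calls(log_lines):
    """Return [(connection_id, statement)] for general-log Query entries that
    invoke JSON_SCHEMA_VALID(). Multi-line statements are not reassembled;
    only the first line of each entry is inspected."""
    hits = []
    for line in log_lines:
        m = _GENERAL_LOG_QUERY_RE.search(line)
        if not m:
            continue
        conn_id, statement = int(m.group(1)), m.group(2)
        if _JSON_SCHEMA_VALID_RE.search(statement):
            hits.append((conn_id, statement))
    return hits


# Constructed sample lines in the MariaDB general-log file format
# (illustrative only, not taken from a real incident).
SAMPLE_GENERAL_LOG = [
    "260320 10:15:01\t    12 Connect\tapp@10.0.0.7 as anonymous on shop",
    "260320 10:15:01\t    12 Query\tSELECT id, price FROM products WHERE id = 42",
    "260320 10:15:02\t    12 Query\tSELECT JSON_SCHEMA_VALID('{\"type\":\"object\"}', '{\"a\":1}')",
    "260320 10:15:03\t    13 Query\tselect json_schema_valid (@schema, @doc) as ok",
    "260320 10:15:03\t    13 Query\tSELECT JSON_VALID('{}')",
    "260320 10:15:04\t    12 Quit\t",
]


if __name__ == "__main__":
    for ver in ("11.4.7-MariaDB-ubu2404", "11.4.10-MariaDB",
                "11.8.5-MariaDB-log", "11.8.6-MariaDB", "10.11.9-MariaDB"):
        print(f"{ver:26} affected={is_affected(ver)}")
    for conn_id, stmt in find_json_schema_valid_calls(SAMPLE_GENERAL_LOG):
        print(f"connection {conn_id}: {stmt}")
```

Feed is_affected() the VERSION() output collected by your inventory tooling rather than the package version, since distribution packages (the Debian 1:11.8.6-... epochs above) carry their own numbering. The general log records every statement and is expensive on a busy server; the same regex works against whichever query source you already retain, such as audit-plugin output, and a crash in this code path will additionally show up as a server restart and a SIGSEGV/abort entry in the error log.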

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     9.9    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
osv                     9.9    CRITICAL
vendor_debian           8.5    LOW
vendor_redhat           8.5    HIGH