CVE-2026-3494MEDIUMCVSS 5.3≤ 2.12.5·≥ 3.01.0, ≤ 3.04.5+2 more2026-03-03
CVE-2026-3494 [MEDIUM] CWE-778 CVE-2026-3494: In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_even
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged.
nvd