
MariaDB Vulnerability: Denial of Service, Potential Code Execution

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 22nd, 2026
Detected March 23rd, 2026

Summary

CERT-Bund has issued a security advisory for MariaDB, detailing a vulnerability that allows remote, authenticated attackers to cause a Denial of Service and potentially execute arbitrary code. The advisory affects specific versions of MariaDB Server across Linux, UNIX, and Windows operating systems.

What changed

CERT-Bund has released a security advisory (WID-SEC-2026-0815) concerning a vulnerability in MariaDB Server versions prior to 11.4.10, 11.8.6, and 12.2.2. The flaw, with a CVSS Base Score of 8.5 (high), enables remote, authenticated attackers to cause a Denial of Service and potentially execute arbitrary code on affected systems. The advisory applies to MariaDB Server installations on Linux, UNIX, and Windows operating systems.

Organizations running the affected MariaDB Server versions should prioritize applying the available mitigation or upgrading to a patched version as soon as possible. Leaving the vulnerability unaddressed could lead to service disruption and to loss of system integrity through unauthorized code execution. The advisory marks mitigation as available; the simplified source text does not say what form it takes.

What to do next

  1. Review MariaDB Server version and apply available mitigations or upgrade to patched versions (11.4.10, 11.8.6, 12.2.2 or later).
  2. Assess systems for signs of exploitation.
  3. Implement enhanced monitoring for database activity.
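
One way to carry out step 1 across an inventory, as an added example (not part of the CERT-Bund advisory or of this page's source): it classifies version strings against the three fixed releases named above. It assumes each "<x.y.z" entry bounds only its own release series; the host names and version strings are constructed, and series the advisory does not list are reported as "unlisted" rather than guessed.

```python
import re

# Fixed releases named on this page, keyed by release series (major, minor).
# Assumption: each "<x.y.z" entry in the advisory bounds only its own series.
FIXED = {(11, 4): (11, 4, 10), (11, 8): (11, 8, 6), (12, 2): (12, 2, 2)}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor, patch) from a SELECT VERSION() or handshake string."""
    # Handshake banners of some MariaDB servers carry a "5.5.5-" compatibility
    # prefix ahead of the real version; drop it before matching.
    text = banner.strip()
    if text.startswith("5.5.5-") and VERSION_RE.match(text[6:]):
        text = text[6:]
    match = VERSION_RE.match(text)
    if not match:
        raise ValueError(f"no version number in {banner!r}")
    return tuple(int(part) for part in match.groups())


def classify(banner):
    """Return 'affected', 'patched' or 'unlisted' for one version string."""
    version = parse_version(banner)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unlisted"  # series not named in the advisory: check manually
    # Tuple comparison is numeric, so 11.4.9 < 11.4.10 (a string compare is not).
    return "affected" if version < fixed else "patched"


def triage(inventory):
    """Map each host in {host: version string} to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "db-a.example": "11.4.9-MariaDB-ubu2204-log",
    "db-b.example": "11.8.6-MariaDB",
    "db-c.example": "5.5.5-10.11.6-MariaDB",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:14} {status}")
```
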

Source document (simplified)

[WID-SEC-2026-0815] MariaDB: Vulnerability allows denial of service and potentially code execution

  • CVSS Base Score: 8.5 (high)
  • CVSS Temporal Score: 7.4 (high)
  • Remote attack: yes
  • Date: 22.03.2026
  • Last updated: 23.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Linux
  • UNIX
  • Windows

Product description

MariaDB is a relational database system that is application-compatible with MySQL.

Products

22.03.2026

  • MariaDB MariaDB Server <11.4.10
  • MariaDB MariaDB Server <11.8.6
  • MariaDB MariaDB Server <12.2.2

Attack

A remote, authenticated attacker can exploit a vulnerability in MariaDB to carry out a denial of service attack and potentially to execute arbitrary code.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
March 22nd, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
WID-SEC-2026-0815

Who this affects

Applies to
Technology companies
Industry sector
5112 Software & Technology
Activity scope
Database Management System Security
Geographic scope
Germany DE

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Security Software Vulnerabilities
