CVE-2026-44171

Published Jun 12, 2026

Last updated a day ago

CVSS medium 6.3

Overview

Description
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contain such paths, but a specially crafted archive could have caused mbstream to create files outside of the target-dir path. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.3
Impact score
5.9
Exploitability score
0.3
Vector string
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-22

Social media

Hype score
Not currently trending

  1. MariaDBに重大な脆弱性(CVE-2026-3494,CVE-2026-44168,CVE-2026-44170,CVE-2026-44171,CVE-2026-44172,CVE-2026-44173) https://t.co/kEjnCL2hEQ #セキュリティ対策Lab #security #securitynews

    @securityLab_jp

    10 Jun 2026

    90 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.