CVE-2026-48165
- Source
- https://cve.org/CVERecord?id=CVE-2026-48165
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-48165.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-48165
- Aliases
-
- BIT-mariadb-2026-48165
- BIT-mariadb-min-2026-48165
- BIT-mysql-client-2026-48165
- GHSA-7v3p-h23x-8hwv
- Downstream
- Related
- Published
- 2026-06-12T17:35:16.918Z
- Modified
- 2026-06-18T16:25:07.882134Z
- Severity
-
- 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- MariaDB: unsafe usage of `wsrep_sst_receive_address` values on the joiner side
- Details
-
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrepsstreceiveaddress or wsrepsst_donor global system variables to execute shell commands as the uid of the mariadbd process on the galera joiner node. This issue has been patched in versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-78" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/48xxx/CVE-2026-48165.json" }- References
Affected packages
Git / github.com/mariadb/server
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mariadb/server
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixed
- Database specific
{ "source": "AFFECTED_FIELD", "extracted_events": [ { "introduced": "10.6.1" }, { "fixed": "10.6.27" }, { "introduced": "10.11.1" }, { "fixed": "10.11.18" }, { "introduced": "11.4.1" }, { "fixed": "11.4.12" }, { "introduced": "11.8.1" }, { "fixed": "11.8.8" }, { "introduced": "12.3.1" }, { "fixed": "12.3.2" } ] }
Affected versions
mariadb-10.*
mariadb-10.11.1
mariadb-10.11.10
mariadb-10.11.11
mariadb-10.11.12
mariadb-10.11.13
mariadb-10.11.14
mariadb-10.11.15
mariadb-10.11.16
mariadb-10.11.17
mariadb-10.11.2
mariadb-10.11.6
mariadb-10.11.7
mariadb-10.11.8
mariadb-10.11.9
mariadb-10.6.1
mariadb-10.6.10
mariadb-10.6.11
mariadb-10.6.12
mariadb-10.6.13
mariadb-10.6.14
mariadb-10.6.16
mariadb-10.6.17
mariadb-10.6.18
mariadb-10.6.19
mariadb-10.6.2
mariadb-10.6.20
mariadb-10.6.21
mariadb-10.6.22
mariadb-10.6.23
mariadb-10.6.24
mariadb-10.6.25
mariadb-10.6.26
mariadb-10.6.3
mariadb-10.6.4
mariadb-10.6.5
mariadb-10.6.6
mariadb-10.6.8
mariadb-10.6.9
mariadb-11.*
mariadb-11.4.1
mariadb-11.4.10
mariadb-11.4.11
mariadb-11.4.11b
mariadb-11.4.2
mariadb-11.4.3
mariadb-11.4.4
mariadb-11.4.5
mariadb-11.4.6
mariadb-11.4.7
mariadb-11.4.8
mariadb-11.4.9
mariadb-11.8.1
mariadb-11.8.2
mariadb-11.8.3
mariadb-11.8.4
mariadb-11.8.6
mariadb-11.8.7
mariadb-11.8.7b
mariadb-12.*
mariadb-12.3.1
Database specific
vanir_signatures
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"83555093190689620275821073838593397976",
"143165154904281853743473853789182958881",
"63999986304963433756283349979408037597",
"11928305571998280801094324365008482859"
]
},
"id": "CVE-2026-48165-2a00d700",
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/mariadb/server/commit/46a8eb42a520193686d9a16d4cea4b3e002917e4",
"target": {
"file": "plugin/feedback/utils.cc"
}
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-48165.json"
vanir_signatures_modified
"2026-06-18T16:25:07Z"