CVE-2026-49261

Source
https://cve.org/CVERecord?id=CVE-2026-49261
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-49261.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-49261
Published
2026-06-11T17:13:20.776Z
Modified
2026-06-19T04:01:25.669267172Z
Severity
  • 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`
Details

MariaDB server is a community-developed fork of MySQL server. In versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1, a server with `wsrep_notify_cmd` enabled executes shell commands embedded in the name of the joiner node. This is fixed in 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2. As a workaround, anyone who cannot upgrade now should disable `wsrep_notify_cmd`.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-78"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/49xxx/CVE-2026-49261.json"
}
Affected packages

Git / github.com/mariadb/server

Affected ranges

Type
GIT
Repo
https://github.com/mariadb/server
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:mariadb:mariadb:12.3.1:*:*:*:*:*:*:*"
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "extracted_events": [
        {
            "introduced": "10.6.1"
        },
        {
            "fixed": "10.6.27"
        },
        {
            "introduced": "10.11.1"
        },
        {
            "fixed": "10.11.18"
        },
        {
            "introduced": "11.4.1"
        },
        {
            "fixed": "11.4.12"
        },
        {
            "introduced": "11.8.1"
        },
        {
            "fixed": "11.8.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "12.3.1"
        }
    ]
}

Affected versions

mariadb-10.*
mariadb-10.11.1
mariadb-10.11.10
mariadb-10.11.11
mariadb-10.11.12
mariadb-10.11.13
mariadb-10.11.14
mariadb-10.11.15
mariadb-10.11.16
mariadb-10.11.17
mariadb-10.11.2
mariadb-10.11.6
mariadb-10.11.7
mariadb-10.11.8
mariadb-10.11.9
mariadb-10.6.1
mariadb-10.6.10
mariadb-10.6.11
mariadb-10.6.12
mariadb-10.6.13
mariadb-10.6.14
mariadb-10.6.16
mariadb-10.6.17
mariadb-10.6.18
mariadb-10.6.19
mariadb-10.6.2
mariadb-10.6.20
mariadb-10.6.21
mariadb-10.6.22
mariadb-10.6.23
mariadb-10.6.24
mariadb-10.6.25
mariadb-10.6.26
mariadb-10.6.3
mariadb-10.6.4
mariadb-10.6.5
mariadb-10.6.6
mariadb-10.6.8
mariadb-10.6.9
mariadb-11.*
mariadb-11.4.1
mariadb-11.4.10
mariadb-11.4.11
mariadb-11.4.11b
mariadb-11.4.2
mariadb-11.4.3
mariadb-11.4.4
mariadb-11.4.5
mariadb-11.4.6
mariadb-11.4.7
mariadb-11.4.8
mariadb-11.4.9
mariadb-11.8.1
mariadb-11.8.2
mariadb-11.8.3
mariadb-11.8.4
mariadb-11.8.6
mariadb-11.8.7
mariadb-11.8.7b

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-49261.json"