CVE-2026-44168
Status: Received - Intake
MariaDB SST Command Injection Vulnerability

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: GitHub, Inc.

Description
MariaDB server is a community-developed fork of MySQL server. In versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, the donor node interpolates parameters sent by the joiner into the command line during SST. Not all parameters were properly validated, which could allow a malicious joiner to execute arbitrary shell commands on the donor side via the mariabackup SST method. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
Meta Information
Published: 2026-06-12
Last Modified: 2026-06-12
Generated: 2026-06-13
AI Q&A: 2026-06-12
EPSS Evaluated: N/A
Affected Vendors & Products (10 associated CPEs)
Vendor   Product  Version / Range
mariadb  mariadb  10.6
mariadb  mariadb  10.11
mariadb  mariadb  11.4
mariadb  mariadb  11.8
mariadb  mariadb  12.3
mariadb  mariadb  From 10.6.1 (inc) to 10.6.26 (exc)
mariadb  mariadb  From 10.11.1 (inc) to 10.11.17 (exc)
mariadb  mariadb  From 11.4.1 (inc) to 11.4.11 (exc)
mariadb  mariadb  From 11.8.1 (inc) to 11.8.7 (exc)
mariadb  mariadb  From 12.3.1 (inc)
CWE
CWE-78: The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Detection Guidance

To detect the presence of this vulnerability on your system, you should first identify the MariaDB server version running on your nodes. The vulnerability affects versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1.

You can check the MariaDB version by running the following command on your database server:

  • mysql -V

If the version falls within the vulnerable ranges, the system is potentially affected. Since the vulnerability involves unsafe parameter interpolation during State Snapshot Transfer (SST) using the mariabackup method, monitoring SST operations and logs for unusual command executions or unexpected shell commands on the donor node may help detect exploitation attempts.

Additionally, you can audit the SST process by checking the logs typically located in the MariaDB data directory or system logs for any suspicious command execution patterns during SST.

There are no specific detection commands provided in the resources, but general best practices include:

  • Verify the MariaDB version to confirm whether it falls in an affected range.
  • Review SST logs for unexpected shell command executions.
  • Monitor network traffic for unusual SST-related activity.
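The version check above, worked through as an added Python example that is not part of this record: it pulls the server release out of `mysql -V` or `SELECT VERSION()` output and tests it against the affected ranges listed on this page, reporting the first fixed release for that branch. The sample output strings are constructed, not captured from real servers.

```python
import re

# Affected ranges from the CVE-2026-44168 record: lower bound inclusive,
# upper bound exclusive (the upper bound is the first fixed release).
AFFECTED_RANGES = [
    ((10, 6, 1), (10, 6, 26)),
    ((10, 11, 1), (10, 11, 17)),
    ((11, 4, 1), (11, 4, 11)),
    ((11, 8, 1), (11, 8, 7)),
    ((12, 3, 1), (12, 3, 2)),
]

# Three-component versions only, so the client's own "Ver 15.1" in
# `mysql -V` output is skipped and the server release is matched.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first x.y.z version in the text as a tuple of ints."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def check_version(text):
    """Return (is_affected, fixed_version) for a version string.

    fixed_version is the first patched release of the matching branch,
    or None when the version lies outside every listed range.
    """
    version = parse_version(text)
    for lower, upper in AFFECTED_RANGES:
        if lower <= version < upper:
            return True, ".".join(str(n) for n in upper)
    return False, None


# Constructed sample outputs (not from real servers) covering the
# `mysql -V` banner format and bare SELECT VERSION() values.
SAMPLE_OUTPUTS = [
    "mysql  Ver 15.1 Distrib 10.11.8-MariaDB, for Linux (x86_64) using readline 5.1",
    "10.6.26-MariaDB-log",
    "12.3.1-MariaDB",
]

if __name__ == "__main__":
    for out in SAMPLE_OUTPUTS:
        affected, fixed = check_version(out)
        status = f"AFFECTED, upgrade to {fixed}" if affected else "not in an affected range"
        print(f"{parse_version(out)} -> {status}")
```

A version outside every listed range returns `(False, None)`; that means only that the record lists no range for it, not that the branch has been assessed.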
Executive Summary

CVE-2026-44168 is a vulnerability in MariaDB Server affecting multiple versions. During the State Snapshot Transfer (SST) process, the donor node interpolates parameters sent by the joiner into command-line execution without properly validating them. This unsafe handling allows a malicious joiner to inject arbitrary shell commands on the donor side via the mariabackup SST method.

Specifically, the wsrep_sst_mariabackup function on the donor side is vulnerable because it incorporates parameters, such as those from a certificate's CommonName, directly into commands without sanitization, leading to potential command injection.

Impact Analysis

This vulnerability can have severe impacts including unauthorized execution of arbitrary shell commands on the donor node by a malicious joiner. This can compromise the confidentiality, integrity, and availability of the affected MariaDB server.

  • An attacker with high privileges and network access can exploit this to execute commands remotely.
  • Potential impacts include data breaches, data corruption, and denial of service.
Mitigation Strategies

To mitigate the vulnerability CVE-2026-44168, you should upgrade your MariaDB server to a fixed version. The patched versions are 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.

This vulnerability involves unsafe parameter handling during State Snapshot Transfer (SST) on the donor side, which allows a malicious joiner to execute arbitrary shell commands. Upgrading to a fixed version prevents this unsafe interpolation of parameters.

Compliance Impact

CVE-2026-44168 allows a malicious joiner to execute arbitrary shell commands on the donor side of MariaDB during the State Snapshot Transfer process due to improper validation of parameters. This can lead to unauthorized access, modification, or disruption of data, which may compromise the confidentiality, integrity, and availability of sensitive information.

Such impacts can affect compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and ensure data integrity and availability. Exploitation of this vulnerability could result in data breaches or system compromise, potentially leading to violations of these regulatory requirements.
