CVE-2026-44170
MariaDB Windows CONNECT Engine REST Command Injection

Publication date: 2026-06-12

Last updated on: 2026-06-12

Assigner: GitHub, Inc.

Description
MariaDB server is a community-developed fork of MySQL server. In versions 10.6.1 before 10.6.26, 10.11.1 before 10.11.17, 11.4.1 before 11.4.11, 11.8.1 before 11.8.7, and 12.3.1, MariaDB on Windows with the CONNECT engine installed and REST support enabled interpolated a table's HTTP attribute into the curl command line without proper sanitizing. This allows a user to execute shell commands on the server. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.
Meta Information

  • Published: 2026-06-12
  • Last Modified: 2026-06-12
  • Generated: 2026-06-13
  • AI Q&A: 2026-06-12
  • EPSS Evaluated: N/A
Affected Vendors & Products

11 associated CPEs:

Vendor    Product   Version / Range
mariadb   mariadb   From 12.3.1 (inc)
mariadb   mariadb   10.6
mariadb   mariadb   10.11
mariadb   mariadb   11.4
mariadb   mariadb   11.8
mariadb   mariadb   12.3
mariadb   mariadb   From 10.6.1 (inc) to 10.6.26 (exc)
mariadb   mariadb   From 10.11.1 (inc) to 10.11.17 (exc)
mariadb   mariadb   From 11.4.1 (inc) to 11.4.11 (exc)
mariadb   mariadb   From 11.8.1 (inc) to 11.8.7 (exc)
mariadb   mariadb   to 12.3.1 (inc)
CWE

CWE-78: The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Mitigation Strategies

The primary mitigation step is to upgrade MariaDB to a patched version where this vulnerability is fixed.

  • Upgrade to MariaDB versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, or 12.3.2 or later.

If an immediate upgrade is not possible, disable the CONNECT engine, or at least its REST support, on Windows servers to remove the vulnerable code path.

  • Disable REST support or the CONNECT engine in your MariaDB configuration.

Also, restrict access to the MariaDB server to trusted users and networks to reduce the risk of exploitation.

Executive Summary

CVE-2026-44170 is a vulnerability in MariaDB server on Windows when the CONNECT engine is installed and REST support is enabled. The issue occurs because a table's HTTP attribute is interpolated into the curl command line without proper sanitization or escaping. This improper handling allows an attacker who can define such a table to inject and execute arbitrary shell commands on the server.

This vulnerability is classified as an OS Command Injection (CWE-78), where externally influenced input is used to construct an operating system command without neutralizing special characters, leading to potential command execution.

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary shell commands on the affected MariaDB server. Such command execution can lead to unauthorized access, data compromise, server control, or disruption of services.

Because the attacker can run commands on the server, it may result in data theft, data loss, or further exploitation of the server environment.

Detection Guidance

This vulnerability involves the CONNECT engine with REST support enabled on MariaDB running on Windows, where a table's HTTP attribute is passed unsanitized to the curl command line, allowing shell command execution.

To detect if your system is vulnerable, first verify if your MariaDB version is within the affected ranges: 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, or 12.3.1.

Check if the CONNECT engine and REST support are enabled on your MariaDB server.

You can run SQL queries to check whether the CONNECT engine is loaded and how it is configured, for example:

  • SHOW ENGINES;
  • SHOW VARIABLES LIKE 'connect%';

Additionally, monitor logs or network traffic for suspicious curl command executions or unusual shell command activity originating from MariaDB processes.
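The following is an added example, written for this page rather than taken from the advisory or the MariaDB project, that turns the two detection checks above and the interim mitigation into a single script a DBA can run. It assumes the server reports its build platform in the `version_compile_os` system variable (Windows builds report a value such as `Win64`), and that the HTTP table option of a CONNECT table is visible in the `CREATE_OPTIONS` column of `information_schema.TABLES` as `HTTP=...`; that second assumption should be confirmed against one known CONNECT REST table before relying on the filter.

```sql
-- Added example (not from the advisory or the MariaDB project).
-- Everything except the final UNINSTALL is read-only.

-- 1. Confirm the build platform and exact version, then compare the version
--    against the affected ranges listed in the advisory by hand.
SELECT @@version AS server_version,
       @@version_compile_os AS build_platform;   -- Windows builds: e.g. 'Win64' (assumption)

-- 2. Is the CONNECT engine available at all?
SELECT ENGINE, SUPPORT
FROM information_schema.ENGINES
WHERE ENGINE = 'CONNECT';

-- 3. Plugin-level view: status and the library it was loaded from.
SELECT PLUGIN_NAME, PLUGIN_STATUS, PLUGIN_LIBRARY
FROM information_schema.PLUGINS
WHERE PLUGIN_NAME = 'CONNECT';

-- 4. CONNECT's own server variables (same as the advisory's SHOW VARIABLES check).
SHOW VARIABLES LIKE 'connect%';

-- 5. Inventory every table that uses the CONNECT engine ...
SELECT TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS
FROM information_schema.TABLES
WHERE ENGINE = 'CONNECT'
ORDER BY TABLE_SCHEMA, TABLE_NAME;

-- ... and narrow it to tables that carry an HTTP option, i.e. the ones whose
--     definition reaches the curl code path described in the advisory.
--     Assumption: the HTTP attribute appears in CREATE_OPTIONS as 'HTTP=...'.
SELECT TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS
FROM information_schema.TABLES
WHERE ENGINE = 'CONNECT'
  AND CREATE_OPTIONS LIKE '%HTTP=%';

-- 6. Interim mitigation when the patched release cannot be deployed yet:
--    unload the engine. ha_connect is the CONNECT plugin library name
--    (ha_connect.dll on Windows). Existing CONNECT tables become unusable
--    until the plugin is installed again.
UNINSTALL SONAME 'ha_connect';
```

Run steps 1 to 5 on every Windows MariaDB instance in scope and keep the output of step 5 as the list of tables to review after patching. Step 6 only removes a plugin that was installed with INSTALL SONAME/PLUGIN; if the engine is instead loaded from the server configuration file (a `plugin_load_add=ha_connect` line in my.ini), that line must also be removed or the plugin will be reloaded at the next restart.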
