MariaDB: Argument injection in CONNECT REST Xcurl on Windows via...

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Description

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated table HTTP attribute into the curl command line without proper sanitizing. This allows the user to execute shell commands on the server. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.

Basic Information

ID CVE-2026-44170

Source GitHub_M

Published Jun 12, 2026 at 17:30

Modified Jun 12, 2026 at 18:31

Affected Product

Vendor MariaDB

Product server

Version >= 10.6.1, < 10.6.26

Affected Versions MariaDB server >= 10.6.1, < 10.6.26
MariaDB server >= 10.11.1, < 10.11.17
MariaDB server >= 11.4.1, < 11.4.11
MariaDB server >= 11.8.1, < 11.8.7
MariaDB server >= 12.3.1, < 12.3.2

CWE Classification

CWE-78

References

{
    "lastseen": "",
    "description": "MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated table HTTP attribute into the curl command line without proper sanitizing. This allows the user to execute shell commands on the server. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.",
    "published": "2026-06-12T17:30:15.405Z",
    "modified": "2026-06-12T18:31:23.373Z",
    "type": "cve",
    "title": "MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL",
    "source": "GitHub_M",
    "references": "https://github.com/MariaDB/server/security/advisories/GHSA-f835-cfjq-wf73\nhttps://jira.mariadb.org/browse/MDEV-39289",
    "id": "CVE-2026-44170",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "MariaDB server >= 10.6.1, < 10.6.26\nMariaDB server >= 10.11.1, < 10.11.17\nMariaDB server >= 11.4.1, < 11.4.11\nMariaDB server >= 11.8.1, < 11.8.7\nMariaDB server >= 12.3.1, < 12.3.2",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "server",
    "version": ">= 10.6.1, < 10.6.26",
    "vendor": "MariaDB",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL_CVE-2026-44170