MariaDB: path traversal in mbstream_CVE-2026-44171

6.3 / 10

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Description

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contain such paths, but a specially crafted archive could have caused mbstream to create files outside of the target-dir path. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.

Basic Information

ID CVE-2026-44171

Source GitHub_M

Published Jun 12, 2026 at 17:33

Modified Jun 12, 2026 at 18:06

Affected Product

Vendor MariaDB

Product server

Version >= 10.6.1, < 10.6.26

Affected Versions MariaDB server >= 10.6.1, < 10.6.26
MariaDB server >= 10.11.1, < 10.11.17
MariaDB server >= 11.4.1, < 11.4.11
MariaDB server >= 11.8.1, < 11.8.7
MariaDB server >= 12.3.1, < 12.3.2

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contain such paths, but a specially crafted archive could have caused mbstream to create files outside of the target-dir path. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.",
    "published": "2026-06-12T17:33:27.365Z",
    "modified": "2026-06-12T18:06:49.446Z",
    "type": "cve",
    "title": "MariaDB: path traversal in mbstream",
    "source": "GitHub_M",
    "references": "https://github.com/MariaDB/server/security/advisories/GHSA-9pjh-5hhw-65v9\nhttps://jira.mariadb.org/browse/MDEV-39408",
    "id": "CVE-2026-44171",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "MariaDB server >= 10.6.1, < 10.6.26\nMariaDB server >= 10.11.1, < 10.11.17\nMariaDB server >= 11.4.1, < 11.4.11\nMariaDB server >= 11.8.1, < 11.8.7\nMariaDB server >= 12.3.1, < 12.3.2",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "server",
    "version": ">= 10.6.1, < 10.6.26",
    "vendor": "MariaDB",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}