Vulnerability Details CVE-2026-49261
MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with `wsrep_notify_cmd` enabled would execute shell commands embedded in the name of the joiner node. This is fixed in 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2. As a workaround, anyone who cannot upgrade now should disable `wsrep_notify_cmd`.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 48.2%
CVSS Severity
CVSS v3 Score 10.0
References
Products affected by CVE-2026-49261
-
cpe:2.3:a:mariadb:mariadb:10.11.1
-
cpe:2.3:a:mariadb:mariadb:10.11.10
-
cpe:2.3:a:mariadb:mariadb:10.11.11
-
cpe:2.3:a:mariadb:mariadb:10.11.12
-
cpe:2.3:a:mariadb:mariadb:10.11.13
-
cpe:2.3:a:mariadb:mariadb:10.11.14
-
cpe:2.3:a:mariadb:mariadb:10.11.15
-
cpe:2.3:a:mariadb:mariadb:10.11.16
-
cpe:2.3:a:mariadb:mariadb:10.11.2
-
cpe:2.3:a:mariadb:mariadb:10.11.3
-
cpe:2.3:a:mariadb:mariadb:10.11.4
-
cpe:2.3:a:mariadb:mariadb:10.11.5
-
cpe:2.3:a:mariadb:mariadb:10.11.6
-
cpe:2.3:a:mariadb:mariadb:10.11.7
-
cpe:2.3:a:mariadb:mariadb:10.11.8
-
cpe:2.3:a:mariadb:mariadb:10.11.9
-
cpe:2.3:a:mariadb:mariadb:10.6.1
-
cpe:2.3:a:mariadb:mariadb:10.6.10
-
cpe:2.3:a:mariadb:mariadb:10.6.11
-
cpe:2.3:a:mariadb:mariadb:10.6.12
-
cpe:2.3:a:mariadb:mariadb:10.6.13
-
cpe:2.3:a:mariadb:mariadb:10.6.14
-
cpe:2.3:a:mariadb:mariadb:10.6.15
-
cpe:2.3:a:mariadb:mariadb:10.6.16
-
cpe:2.3:a:mariadb:mariadb:10.6.17
-
cpe:2.3:a:mariadb:mariadb:10.6.18
-
cpe:2.3:a:mariadb:mariadb:10.6.19
-
cpe:2.3:a:mariadb:mariadb:10.6.2
-
cpe:2.3:a:mariadb:mariadb:10.6.20
-
cpe:2.3:a:mariadb:mariadb:10.6.21
-
cpe:2.3:a:mariadb:mariadb:10.6.22
-
cpe:2.3:a:mariadb:mariadb:10.6.23
-
cpe:2.3:a:mariadb:mariadb:10.6.24
-
cpe:2.3:a:mariadb:mariadb:10.6.25
-
cpe:2.3:a:mariadb:mariadb:10.6.3
-
cpe:2.3:a:mariadb:mariadb:10.6.4
-
cpe:2.3:a:mariadb:mariadb:10.6.5
-
cpe:2.3:a:mariadb:mariadb:10.6.6
-
cpe:2.3:a:mariadb:mariadb:10.6.7
-
cpe:2.3:a:mariadb:mariadb:10.6.8
-
cpe:2.3:a:mariadb:mariadb:10.6.9
-
cpe:2.3:a:mariadb:mariadb:11.4.1
-
cpe:2.3:a:mariadb:mariadb:11.4.10
-
cpe:2.3:a:mariadb:mariadb:11.4.11
-
cpe:2.3:a:mariadb:mariadb:11.4.2
-
cpe:2.3:a:mariadb:mariadb:11.4.3
-
cpe:2.3:a:mariadb:mariadb:11.4.4
-
cpe:2.3:a:mariadb:mariadb:11.4.5
-
cpe:2.3:a:mariadb:mariadb:11.4.6
-
cpe:2.3:a:mariadb:mariadb:11.4.7
-
cpe:2.3:a:mariadb:mariadb:11.4.8
-
cpe:2.3:a:mariadb:mariadb:11.4.9
-
cpe:2.3:a:mariadb:mariadb:11.8.1
-
cpe:2.3:a:mariadb:mariadb:11.8.2
-
cpe:2.3:a:mariadb:mariadb:11.8.3
-
cpe:2.3:a:mariadb:mariadb:11.8.4
-
cpe:2.3:a:mariadb:mariadb:11.8.5
-
cpe:2.3:a:mariadb:mariadb:11.8.6
-
cpe:2.3:a:mariadb:mariadb:11.8.7
-
cpe:2.3:a:mariadb:mariadb:12.3.1