Detections
Analytics

MariaDB 11.4.1 < 11.4.10 DoS

critical Nessus Plugin ID 305875

Synopsis

The remote database server is affected by a vulnerability.

Description

The version of MariaDB installed on the remote host is prior to 11.4.10. It is, therefore, affected by a vulnerability as referenced in the GHSA-4rj5-2227-9wgc advisory.

 - MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2. (CVE-2026-32710)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to MariaDB version 11.4.10 or later.

See Also

http://www.nessus.org/u?51aeba68

https://jira.mariadb.org/browse/MDEV-38356

Plugin Details

Severity: Critical

ID: 305875

File Name: mariadb_11_4_10.nasl

Version: 1.1

Type: Combined

Agent: windows, macosx, unix

Family: Databases

Published: 4/10/2026

Updated: 4/10/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-32710

CVSS v3

Risk Factor: Critical

Base Score: 9.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:mariadb:mariadb

Required KB Items: installed_sw/MariaDB

Patch Publication Date: 3/20/2026

Vulnerability Publication Date: 3/20/2026

Reference Information

CVE: CVE-2026-32710

IAVA: 2026-A-0287