CVE-2026-44173

CVE Database · CVE-2026-44173

CVE-2026-44173

· MEDIUMReceived

CVSS v3.1

5.0

EPSS

0.26%

Published

Jun 12, 2026

Modified

Jun 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB allowed SELECT ... INTO OUTFILE and SELECT ... INTO DUMPFILE without verifying the FILE privilege if the FROM clause contained only subqueries. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

Weaknesses (CWE)

CWE-863

References (2)

https://github.com/MariaDB/server/security/advisories/GHSA-667j-m53j-wpmc

https://jira.mariadb.org/browse/MDEV-39493

KEV Catalog EPSS Scores Vendors All CVEs