ByteOS Network

CVE Vulnerability Details :

CVE-2026-44169

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-12 Jun, 2026 | 17:31

Updated At-12 Jun, 2026 | 17:31

▼CVE Numbering Authority (CNA)

MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions

MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been patched in versions 11.4.11, 11.8.7, and 12.3.2.

Affected Products

Vendor

MariaDB Foundation

Product

server

Versions

Affected

>= 11.4.1, < 11.4.11
>= 11.8.1, < 11.8.7
>= 12.3.1, < 12.3.2

Problem Types

Type	CWE ID	Description
CWE	CWE-863	CWE-863: Incorrect Authorization

Type: CWE

CWE ID: CWE-863

Description: CWE-863: Incorrect Authorization

Metrics

Version	Base score	Base severity	Vector
3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References

Hyperlink	Resource
https://github.com/MariaDB/server/security/advisories/GHSA-22xq-vq3f-87x2	x_refsource_CONFIRM
https://jira.mariadb.org/browse/MDEV-39288	x_refsource_MISC

Hyperlink: https://github.com/MariaDB/server/security/advisories/GHSA-22xq-vq3f-87x2

Resource:

x_refsource_CONFIRM

Hyperlink: https://jira.mariadb.org/browse/MDEV-39288

Resource:

x_refsource_MISC

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References