Bug 2494793

Summary: CVE-2026-48165 mariadb10.11: Arbitrary code execution via global system variable manipulation by a high-privileged user [fedora-all]
Product: [Fedora] Fedora Reporter: Praise Ogwuche <pogwuche>
Component: mariadb10.11Assignee: Michal Schorm <mschorm>
Status: CLOSED RAWHIDE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: rawhideCC: db-sig, mschorm, psloboda
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: {"flaws": ["113e9076-bfae-4dc7-a8f4-09d536bc9ac2"]}
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2026-06-30 10:58:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2488458    

Description Praise Ogwuche 2026-06-30 08:14:24 UTC
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrep_sst_receive_address or wsrep_sst_donor global system variables to execute shell commands as the uid of the mariadbd process on the galera joiner node. This issue has been patched in versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2.

Comment 1 Michal Schorm 2026-06-30 10:58:37 UTC
Fixed in the version currently available in Fedora Rawhide