Bug 2450259 - CVE-2026-32710 mariadb11.8: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability [fedora-43]
Summary: CVE-2026-32710 mariadb11.8: MariaDB: Remote Code Execution or Denial of Servi...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: mariadb11.8
Version: 43
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Michal Schorm
QA Contact:
URL:
Whiteboard: {"flaws": ["ea9e598c-467a-4b7c-86ce-c...
Depends On:
Blocks: CVE-2026-32710
TreeView+ depends on / blocked
 
Reported: 2026-03-23 09:06 UTC by Vipul Nair
Modified: 2026-06-24 10:05 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2026-06-24 10:05:07 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Vipul Nair 2026-03-23 09:06:04 UTC
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

Comment 1 Michal Schorm 2026-06-24 10:05:07 UTC
Based on:
  https://www.cve.org/CVERecord?id=CVE-2026-32710
fixed by:
  https://github.com/MariaDB/server/commit/93ef1236002fb42725770f076e7be712c87ea403
which is part of upstream releases:
  11.8.6
Major releases 10.11 and are not affected as per:
  https://jira.mariadb.org/browse/MDEV-38356


Note You need to log in before you can comment on or make changes to this bug.