Bug 2494793 - CVE-2026-48165 mariadb10.11: Arbitrary code execution via global system variable manipulation by a high-privileged user [fedora-all]
Summary: CVE-2026-48165 mariadb10.11: Arbitrary code execution via global system varia...
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: mariadb10.11
Version: rawhide
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
Assignee: Michal Schorm
QA Contact:
URL:
Whiteboard: {"flaws": ["113e9076-bfae-4dc7-a8f4-0...
Depends On:
Blocks: CVE-2026-48165
TreeView+ depends on / blocked
 
Reported: 2026-06-30 08:14 UTC by Praise Ogwuche
Modified: 2026-06-30 10:58 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2026-06-30 10:58:37 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Praise Ogwuche 2026-06-30 08:14:24 UTC
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high-privileged MariaDB user could've used wsrep_sst_receive_address or wsrep_sst_donor global system variables to execute shell commands as the uid of the mariadbd process on the galera joiner node. This issue has been patched in versions 10.6.27, 10.11.18, 11.4.12, 11.8.8, and 12.3.2.

Comment 1 Michal Schorm 2026-06-30 10:58:37 UTC
Fixed in the version currently available in Fedora Rawhide


Note You need to log in before you can comment on or make changes to this bug.