CVE-2026-32710
Published: March 24, 2026
Last modified: March 25, 2026
Description
MariaDB server is a community-developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in the JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into remote code execution; these conditions require tight control over memory layout, which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 9.9 |
| Attack Vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | CHANGED |
| Confidentiality | HIGH |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Notes
The MariaDB 10.6.x series shipped in Alpaquita Linux 23 LTS does not provide the json_schema_valid() function at all; the function first appeared in MariaDB 11.1: https://mariadb.com/docs/server/reference/sql-functions/special-functions/json-functions/json_schema_valid
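As an added example (not code from this advisory or from the MariaDB project), the following Python helper turns the version ranges stated in the Description and the Notes above into a classification a defender can run against `SELECT VERSION()` output or package versions collected from a fleet. The affected branches (11.4 before 11.4.10, 11.8 before 11.8.6) and the 11.1 introduction of JSON_SCHEMA_VALID() are taken from this page; the sample version strings at the bottom are constructed for illustration. Branches the advisory does not list (for example 11.1 through 11.3, or 12.x before the 12.2.2 fix mentioned in the Description) are deliberately reported as "not listed" rather than guessed at.

```python
# Added example for CVE-2026-32710: classify a MariaDB version string
# against the affected/fixed ranges stated in the advisory text.
# Not part of the advisory or of MariaDB's own code.
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Affected branches and their first fixed release, as stated in the Description:
# "11.4 before 11.4.10 and 11.8 before 11.8.6".
AFFECTED_BRANCHES: Dict[Tuple[int, int], Version] = {
    (11, 4): (11, 4, 10),
    (11, 8): (11, 8, 6),
}

# JSON_SCHEMA_VALID() first appeared in MariaDB 11.1 (Notes section), so
# anything older (e.g. the 10.6.x in Alpaquita 23 LTS) lacks the function.
FUNCTION_INTRODUCED: Version = (11, 1, 0)


def parse_version(text: str) -> Version:
    """Extract major.minor.patch from strings such as '11.4.9-MariaDB-log'
    (SELECT VERSION() output) or '11.4.10-r0' (Alpaquita package version)."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised MariaDB version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def classify(version: str) -> str:
    """Return one of: 'not affected', 'affected', 'fixed' or 'not listed'."""
    v = parse_version(version)
    if v < FUNCTION_INTRODUCED:
        # The vulnerable function does not exist in this release line.
        return "not affected"
    fixed = AFFECTED_BRANCHES.get(v[:2])
    if fixed is None:
        # The advisory does not state a range for this branch; check vendor data.
        return "not listed"
    return "affected" if v < fixed else "fixed"


def triage(versions: List[str]) -> Dict[str, str]:
    """Classify every version string in a collected inventory."""
    return {ver: classify(ver) for ver in versions}


if __name__ == "__main__":
    # Constructed sample inventory, mirroring the package versions in the Status table
    # plus a couple of hypothetical pre-fix builds.
    sample = ["10.6.12-r0", "11.4.9-MariaDB-log", "11.4.10-r0", "11.8.5", "11.8.6-r0", "11.2.1"]
    for ver, verdict in triage(sample).items():
        print(f"{ver:<20} {verdict}")
```

Run it with the version strings from your own inventory; any host reported as "affected" should be upgraded to the fixed package for its branch, and hosts reported as "not listed" need a manual check against the vendor's release notes because this page does not state a range for them.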
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | mariadb | Not affected (10.6.12-r0) |
| Alpaquita Linux | 25 LTS | mariadb | Fixed (11.4.10-r0) |
| Alpaquita Linux | Stream | mariadb | Fixed (11.8.6-r0) |