CVE-2026-32710
Heap-based Buffer Overflow in MariaDB
| CVSS Score | 8.6 |
| EPSS Score | 0.3% |
| EPSS Percentile | 52nd |
MariaDB server is a community-developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in the JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into remote code execution. These conditions require tight control over memory layout, which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2.
| CWE | CWE-122 |
| Vendor | mariadb |
| Product | server |
| Published | Mar 20, 2026 |
| Last Updated | Mar 27, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Affected Versions
MariaDB / server
>= 11.4.1, < 11.4.10
>= 11.8.1, < 11.8.6
>= 12.1.2, < 12.2.2